Endpoint Protection


SEPv11 - Importing Unapproved Application List into Fingerprint for System Lockdown

  • 1.  SEPv11 - Importing Unapproved Application List into Fingerprint for System Lockdown

    Posted Mar 12, 2010 03:34 PM
    It appears that the View Unapproved Applications List in System Lockdown adds very little value since you cannot directly import this information into a new or existing file fingerprint. Is this by design?

    I did the following steps to accomplish the import without the need to touch a remote system or run 3rd party tools like checksum.exe to obtain the new list of applications. A lot of the steps below can be automated with Excel macros, Perl scripts, and possibly SQL queries.

    Adding unapproved applications to the file fingerprint list
    1. Enable Learn Applications that run on the client computers.
    2. Follow the system lockdown recommended steps.
    3. Let everything run for a few days.
    4. View unapproved applications in System Lockdown.
    5. CTRL-A and copy all applications. Paste to Excel.
    6. Delete all columns except for Application.
    7. Search for Applications.
    8. Export the Query Results. Name the export file with a .txt extension.
    9. Go back to the Excel spreadsheet with the unapproved applications data in column A and import the application search query export to column B. Use delimited data type.
    10. Delete all imported columns except for Name and File Fingerprint and column A, which was the unapproved application list.
    11. (Optional) Step - Filter all columns and compare unapproved application list column with the Name column. Delete cells that don't contain the same application name found in Column A and B. (Macro).
    12. Once a final list is filtered, delete Column B, leaving the Unapproved Application column and File Fingerprint column.
    13. Save with a .txt extension. (Saving with a .csv or .xls may work as well).
    14. Import and append to existing file fingerprint or create a new one.
    15. Let the SEP clients update the new policy.
    16. Reset the unapproved applications test and run it again.
    17. Rinse and repeat.

    Sure would be easier to have the option to right-click the unapproved list of applications and add it to a new file fingerprint or existing fingerprint.
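
The spreadsheet steps 5 to 13 above amount to a join on application name; the following is an added example, not part of the original post and not Symantec code. The column names "Name" and "File Fingerprint" come from the post; the tab delimiter, the extra "Computer" column, the output column order and all sample values are constructed assumptions. It also reports names that map to more than one fingerprint, since matching by name alone would approve every binary that shares that name.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data, not real SEPM output.
UNAPPROVED = "Application\nnotepad.exe\nputty.exe\ncustom_tool.exe\n"
SEARCH_EXPORT = (
    "Name\tFile Fingerprint\tComputer\n"
    "notepad.exe\t" + "a1" * 16 + "\tPC-01\n"
    "NOTEPAD.EXE\t" + "a1" * 16 + "\tPC-02\n"   # same file seen on a second client
    "putty.exe\t" + "b2" * 16 + "\tPC-01\n"
    "putty.exe\t" + "c3" * 16 + "\tPC-03\n"     # same name, different binary
    "winword.exe\t" + "d4" * 16 + "\tPC-01\n"   # not in the unapproved list
)

def join_fingerprints(unapproved_text, export_text, delimiter="\t"):
    """Return (matched, ambiguous, missing) for the unapproved application names."""
    wanted = {}
    for line in unapproved_text.splitlines()[1:]:        # skip the header row
        name = line.strip()
        if name:
            wanted.setdefault(name.lower(), name)        # case-insensitive match key
    hashes = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text), delimiter=delimiter):
        key = (row.get("Name") or "").strip().lower()
        fp = (row.get("File Fingerprint") or "").strip().lower()
        if key in wanted and fp:
            hashes[key].add(fp)                          # the set removes duplicates
    matched = sorted((wanted[k], fp) for k, fps in hashes.items() for fp in fps)
    ambiguous = sorted(wanted[k] for k, fps in hashes.items() if len(fps) > 1)
    missing = sorted(n for k, n in wanted.items() if k not in hashes)
    return matched, ambiguous, missing

def to_import_text(matched, delimiter="\t"):
    """Two-column text as in step 12 (application, fingerprint); order is assumed."""
    return "".join(f"{name}{delimiter}{fp}\n" for name, fp in matched)

if __name__ == "__main__":
    matched, ambiguous, missing = join_fingerprints(UNAPPROVED, SEARCH_EXPORT)
    print(to_import_text(matched), end="")
    print("several fingerprints, review before approving:", ambiguous)
    print("no fingerprint found in the export:", missing)
```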


  • 2.  RE: SEPv11 - Importing Unapproved Application List into Fingerprint for System Lockdown
    Best Answer

    Posted Mar 12, 2010 03:42 PM
    You can import them for your firewall rules
    and for App control.

    Go to SEPM - Policies - Policy Components - File Fingerprint List - Search for Application - Select Group - click Search.
    Select and export the application fingerprint.


  • 3.  RE: SEPv11 - Importing Unapproved Application List into Fingerprint for System Lockdown

    Posted Mar 12, 2010 03:48 PM
    Thanks. I knew there had to be an easier way.