Good Morning\Afternoon
We have SEPM 12.x installed in our environment and are looking to implement Application Whitelisting. I have updated all the applications and done a full checksum of every server in our environment. I have created and appended the file fingerprint list and applied it to the client containers. The system has been running in logging mode for a significant period of time, yet I still get exceptions in the unapproved applications results pane. Since then I have gone and manually added those executables in the approved files list and restarted the logging. Why do these executables keep showing up as unapproved????? I have created a file approval for C:\Windows\System32\*.exe, yet I still have a heap of exceptions from the system32 folder.
Is it the File Name or the Application name that symantec uses to determine if a product is unapproved??? I have system32 executables calling dll's from other locations, is this a problem for whitelisting.
All of these exe's listed as unapproved also have a valid checksum
Also I have created scan exceptions for folders as well, applied them to the client containers exempted them from all scans, yet I still get exceptions in the unapproved applications list from these folders. WHY?????? They are listed as exceptions. I have a requirement to implement these whitelists by end of Financial year, yet I don't trust the product enough to switch it on for real. I have also created a script that gets all my clients to check in for policy and update. Any help would be nice, please no links to symantec documentation on how to create a whitelist I have already done that I need some guidance in how to get this implemented correctly, and a better understanding of how symantec determines approved\unapproved applications.
Regards,
Matt
