Friday, 21 March 2014

What is system lockdown and how to enable system lockdown in SEP 12.1

Understanding the concept

System lockdown is a protection setting that you can use to control which applications can run on the client computer. The feature works from a file fingerprint list that you create from a client computer. The list contains the checksums and the locations of all the applications that are authorized for use at your organization. The client software includes a Checksum.exe tool that you can use to create a file fingerprint list. The advantage of system lockdown is that it can be enforced whether or not the user is connected to the network. You can use system lockdown to block almost any Trojan horse, spyware, or malware that tries to run or load itself into an existing application. Once you have a file fingerprint list, you can add it to SEPM and assign it to a particular group; the clients in that group will then not be able to execute any file that is not in your fingerprint list. Before you create a fingerprint file, make sure that the client has all the software that is relevant for your organization installed.

To implement this feature, follow these steps:

  1. Open the SEPM console and click on 'Clients', select the group on which you want to enable 'System Lockdown', and under the 'Policies' tab select the option 'System Lockdown'.
  2. It will show you a window which allows you to 'enable' system lockdown and 'add' the fingerprint that was created from the client computer (refer to the section below to learn how to create a file fingerprint).
  3. To enable this feature, select the checkbox 'Step 2: Enable system lockdown'.
  4. Click on the 'Add' button, which will list the file fingerprints that you have already added in the SEPM console (refer to the end of this section to learn how to create a file fingerprint and how to import it).
  5. If you do not have a fingerprint, you can instead add a custom policy that allows execution of given file types (*.exe, *.vbs, *.dll) or of files from a specified system directory. To enable this, click on the 'Add' button under 'Approved application'.

How to create a file fingerprint list in SEP client

  1. By default, all SEP clients have the checksum.exe file, which is used to create a file fingerprint.
  2. Locate the tool and make sure that checksum.exe is available in the directory 'C:\Program Files\Symantec\Symantec Endpoint Protection'.
  3. Open a command prompt and change directory: type 'cd C:\Program Files\Symantec\Symantec Endpoint Protection' and press ENTER.
  4. Now type 'checksum <name of the output file.txt>'.
  5. The process will start, and it may take a few hours to complete depending on the applications that you have installed.
  6. The output will be available in 'C:\Program Files\Symantec\Symantec Endpoint Protection'. Now copy the output file to the SEPM server and follow the steps below to import fingerprint files into the SEPM console.
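
Every file present on the reference client when checksum.exe runs ends up authorized, so it is worth reviewing the output before importing it. The script below is an added example, not part of the original post or of Symantec's tooling; it assumes each line of the list is a 32-character MD5 hash followed by the full file path, and its function names, user-writable directory fragments and sample data are constructed for illustration.

```python
import re

# Assumed line format (not shown on the page): "<32-hex MD5> <full path>"
LINE_RE = re.compile(r"^([0-9a-fA-F]{32})\s+(.+)$")
# Assumed review policy: directories that ordinary users can usually write to
USER_WRITABLE = ("\\temp\\", "\\downloads\\", "\\appdata\\", "\\users\\public\\")

def parse_fingerprints(text):
    """Split a list into valid (md5, path) entries and malformed lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match:
            entries.append((match.group(1).lower(), match.group(2)))
        else:
            malformed.append((lineno, line))
    return entries, malformed

def user_writable(entries):
    """Entries whose path sits under a user-writable directory."""
    return [(h, p) for h, p in entries
            if any(frag in p.lower() for frag in USER_WRITABLE)]

def newly_approved(candidate, baseline):
    """Candidate entries whose (md5, path) pair is absent from the baseline."""
    known = {(h, p.lower()) for h, p in baseline}
    return [(h, p) for h, p in candidate if (h, p.lower()) not in known]

# Constructed sample data: hashes and paths are made up for illustration
BASELINE = r"""
11111111111111111111111111111111 c:\program files\vendor\app.exe
22222222222222222222222222222222 c:\windows\system32\example.dll
"""
CANDIDATE = r"""
11111111111111111111111111111111 c:\program files\vendor\app.exe
33333333333333333333333333333333 c:\windows\system32\example.dll
44444444444444444444444444444444 c:\users\alice\downloads\setup.exe
not-a-hash c:\broken\line.exe
"""

if __name__ == "__main__":
    cand, bad = parse_fingerprints(CANDIDATE)
    print("malformed:", bad)
    print("user-writable:", user_writable(cand))
    print("new:", newly_approved(cand, parse_fingerprints(BASELINE)[0]))
```

Anything reported as user-writable or as new relative to the previously approved list should be explained before the list is imported, since importing it authorizes those files for every client in the group.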

Importing or merging file fingerprint lists in Symantec Endpoint Protection Manager

  1. Open the SEPM console and click on 'Policies'. In the window that appears, select 'File fingerprint lists'.
  2. Right-click on the right-hand side and select 'Add'.
  3. On the Welcome window, click 'Next'.
  4. Specify a friendly name for the file fingerprint file that you want to add, along with a short description that will help you identify it later.
  5. Now browse to the location of the file fingerprint that you generated from a client computer and click 'Next'.
  6. It will add the fingerprint to SEPM, and once it is completed you will see a success message. Click 'Close'.
  7. Now close the 'Add file fingerprint' window by clicking on 'Finish'.
