• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 139
  • Last Modified:

Detect unauhtorized execution of program via SEP ADC

Hi,

The SEP client version in use is 12.1.7004.6500.

We would like to use ADC function embedded to implement application whitelisting.

The fingerprints for all authorized program at one machine was collected.

Then we did a test to execute one unauthorized program. But we found there is no warnings at all.

Then we did another test to execute another unauthorized program (but this program needs to trigger another unauthorized program). We can just see the warning regarding the execution of the 2nd unauthorized program (no warning for the execution of the 1st program)

Would you please advise if SEP ADC behaves like this? Or the problem is due to some configuration settings?
Please advise. Thanks?
0
ee_lcpaa
Asked:
ee_lcpaa
1 Solution
 
gheistCommented:
Applocker logs all program execution. Does SEP 'see' the 1st executin in its log?
0
 
btanExec ConsultantCommented:
Pls do make sure the fingerprint is MD5 hash. Use SEP to block unwanted software is to block the main .EXE of the program.

NOTE: When a program is updated to a new version a new MD5 will need to be created and added, additionally you will need to make MD5s for all versions of the .EXE that may be in use.

You may submit a file to http://www.threatexpert.com and the generated report will contain the hash value. This report will be emailed to your chosen email address and made available on the site.

Microsoft has a freely available utility called the File Checksum Integrity Verifier. The utility is discussed in great detail in Microsoft's KB 841290. http://support.microsoft.com/kb/841290

Pls see the step through

https://www.symantec.com/connect/articles/block-software-fingerprint

One thing to note is you could block/allow by group. The understanding is there is no possibility to enforce policies on a single machine unless you move it to another group. But you can create any amount of policies and enforce them on groups
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now