Detect unauhtorized execution of program via SEP ADC
Posted on 2016-10-27
The SEP client version in use is 12.1.7004.6500.
We would like to use ADC function embedded to implement application whitelisting.
The fingerprints for all authorized program at one machine was collected.
Then we did a test to execute one unauthorized program. But we found there is no warnings at all.
Then we did another test to execute another unauthorized program (but this program needs to trigger another unauthorized program). We can just see the warning regarding the execution of the 2nd unauthorized program (no warning for the execution of the 1st program)
Would you please advise if SEP ADC behaves like this? Or the problem is due to some configuration settings?
Please advise. Thanks?