Endpoint Detection and Response (EDR)

Hashes are not blocked in Symantec EDR after adding them to block policy

    Posted Nov 19, 2020 09:09 AM
    Hi,

    I have this strange issue: Symantec EDR is integrated with Symantec Endpoint Protection Manager, with all required configuration like data recorder and SEP database.

    The issue is that when I add MD5 hashes to EDR, they are sent and updated to the SEPM lockdown policy; the lockdown is configured in black list mode.

    When I try to add a hash of any application to Symantec EDR to block it on the endpoints, it's not taking effect and the client is still able to run the application.

    For example, I have tried to block Internet Explorer and not allow the users to run it. I have generated the hash and added it to the black list policy in EDR.

    All policies are updated, but the users are able to run IE though.

    What could possibly be the issue?

    Thanks.