Endpoint Protection

Dear Community,

In some cases we have blocked some IOCs like hash values in our SEPM 14.3 RU3 through application control policy. However, after blocking these hash, we  are unable to get visibility of blocked hash in SEMP. Is there any option to check the current blocked hash value status in SEPM.

On the other hand, some time we need to blocked multiple hash values one by one in SEPM. is there any option to bulk upload of multiple hash values in SEPM.

If you enable logging under the "Actions" tab for the Application Control Rule that blocks a process, you will see logging at the client (View Logs> Client Management> Control) and at SEPM (Application and Device Control).

You can upload lists of hashes in SEPM> Policies> Policy Components> File Fingerprint Lists. But such lists cannot be used in Application & Device Control Policy. You can use them in "System Lockdown" though, which is more suitable for bulk processing of application hashes.

Online documentation:

About application control, system lockdown, and device control

Configuring system lockdown
Original Message:
Sent: Sep 22, 2022 03:43 AM
From: Gazi Asif Mohammed Islam
Subject: How to check the blocked Hash in SEPM 14.3 RU3

Dear Community,

In some cases we have blocked some IOCs like hash values in our SEPM 14.3 RU3 through application control policy. However, after blocking these hash, we  are unable to get visibility of blocked hash in SEMP. Is there any option to check the current blocked hash value status in SEPM.

On the other hand, some time we need to blocked multiple hash values one by one in SEPM. is there any option to bulk upload of multiple hash values in SEPM.