Endpoint Protection

 View Only
  • 1.  How to check the blocked Hash in SEPM 14.3 RU3

    Posted Sep 22, 2022 03:44 AM
    Dear Community,

    In some cases we have blocked some IOCs like hash values in our SEPM 14.3 RU3 through application control policy. However, after blocking these hash, we  are unable to get visibility of blocked hash in SEMP. Is there any option to check the current blocked hash value status in SEPM.

    On the other hand, some time we need to blocked multiple hash values one by one in SEPM. is there any option to bulk upload of multiple hash values in SEPM.

  • 2.  RE: How to check the blocked Hash in SEPM 14.3 RU3

    Broadcom Employee
    Posted Sep 23, 2022 01:34 AM
    If you enable logging under the "Actions" tab for the Application Control Rule that blocks a process, you will see logging at the client (View Logs> Client Management> Control) and at SEPM (Application and Device Control).

    You can upload lists of hashes in SEPM> Policies> Policy Components> File Fingerprint Lists. But such lists cannot be used in Application & Device Control Policy. You can use them in "System Lockdown" though, which is more suitable for bulk processing of application hashes.

    Online documentation:

    About application control, system lockdown, and device control

    Configuring system lockdown