Endpoint Protection

  • 1.  Which files in the SEP Manager need to be monitored? (PCI)

    Posted Sep 13, 2017 11:49 AM

    As per PCI 11.5:

    "Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly."

    Which files on the SEP Manager are deemed "critical system files, configuration files, or content files"?

    I'm setting up a File Integrity Monitoring (FIM) solution, and need to know which files I need to watch for changes, that normally shouldn't be changed on the SEP Manager.

    Thanks,

    Brian



  • 2.  RE: Which files in the SEP Manager need to be monitored? (PCI)

    Posted Sep 13, 2017 12:02 PM

    Their products help achieve PCI compliance but they have nothing specific (as in FIM) for their products which may be in scope. I'd call support. Good luck with this one though. Post back if you ever get an answer.



  • 3.  RE: Which files in the SEP Manager need to be monitored? (PCI)

    Posted Sep 13, 2017 12:20 PM

    I'm not looking for one of their products, I'm looking to find out which "critical system files, configuration files, or content files" need to be monitored for changes to ensure unnecessary changes have not been made to the SEPM.



  • 4.  RE: Which files in the SEP Manager need to be monitored? (PCI)

    Posted Sep 13, 2017 12:23 PM

    You need to re-read my post. I'm not telling you to go out and buy their product. I'm telling you straight out you won't find info on what needs to be monitored on SEPM to meet a PCI requirement.

    Been there, done that with this exact issue. And it is an issue.



  • 5.  RE: Which files in the SEP Manager need to be monitored? (PCI)

    Posted Sep 18, 2017 09:36 AM

    According to my case I opened with them - they said all *.DLL files within the Symantec Endpoint Protection Manager subfolders can be monitored, because they should be static, unless things like SEPM upgrades occur.
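The DLL-baseline approach from the reply above, as an added example that is not from the thread or from Symantec: it hashes every *.dll under a directory tree, stores that as the baseline, and a later run reports added, removed and modified DLLs (the "critical file comparison" PCI 11.5 asks for at least weekly). The directory you pass is assumed to be the SEPM install folder; the `demo()` tree is constructed and does not reflect real SEPM file names.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large DLLs do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each .dll below root (recursive, case-insensitive) to its SHA-256.

    Keys are forward-slash relative paths so baselines compare across hosts.
    """
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() == ".dll"
    }


def compare(baseline: dict, current: dict) -> dict:
    """Diff two baselines; any non-empty list is something to raise an alert on."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed SEPM-like tree: take a baseline, tamper, then re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "sepm.dll").write_bytes(b"original build")
        (root / "tomcat").mkdir()
        (root / "tomcat" / "old.DLL").write_bytes(b"retired module")
        (root / "readme.txt").write_bytes(b"not a dll, ignored")
        baseline = build_baseline(root)
        # Simulate changes between two weekly checks (no upgrade was scheduled).
        (root / "bin" / "sepm.dll").write_bytes(b"patched by someone")
        (root / "tomcat" / "old.DLL").unlink()
        (root / "bin" / "injected.dll").write_bytes(b"unexpected library")
        return compare(baseline, build_baseline(root))
```

Store the baseline JSON somewhere the SEPM host cannot write to, and regenerate it deliberately after a planned SEPM upgrade so the next comparison does not flag the upgrade as tampering.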