Hello Folks,
a customer wants to block several executables in his environment with SEP 12.1 RU1.
If he creates an application control policy with the exe filename it works just fine. If he uses MD5 or SHA1 hash and tries to block it via fingerprint, it does not work. When reviewing the application control reports, the block with exe name gets logged, block with fingerprint does not.
We tested on Windows 7 and Windows XP - also tried several executables (itunes.exe, chrome.exe)
Anyone had/has the same problem?
We tested and configured the policy as it is described here:
Testing application control rule sets
http://www.symantec.com/docs/HOWTO55152
Creating a file fingerprint list
http://www.symantec.com/docs/HOWTO55451
How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage
http://www.symantec.com/docs/TECH97618