System lockdown controls applications on a group of client computers by blocking unapproved applications. You can set up system lockdown to allow only applications on a specified list (whitelist). The whitelist includes all the approved applications; any other applications are blocked on client computers. Or, you can set up system lockdown to block only applications on a specified list (blacklist). The blacklist comprises all the unapproved applications; any other applications are allowed on client computers.
Any applications that system lockdown allows are subject to other protection features in Symantec Endpoint Protection.
A whitelist or blacklist can include file fingerprint lists and specific application names. A file fingerprint list is a list of file checksums and computer path locations.
You can use an Application and Device Control policy to control specific applications instead of or in addition to system lockdown.
You set up system lockdown for each group or location in your network.
Table: System lockdown steps