You can enable system lockdown to block a list of unapproved applications on your client computers. All applications in the unapproved list are blocked. The unapproved list is called a blacklist. Any other applications are allowed. Allowed applications are subject to Symantec Endpoint Protection's other protection features.
If you run ATP: Endpoint in your network, the ATP: Endpoint configuration affects the system lockdown blacklist configuration.
You should configure system lockdown to block unapproved applications only after the following conditions are true:
You tested the system lockdown configuration with the Log Unapproved Applications Only option.
You are sure that all of the applications that your client computers should block are listed in the unapproved applications list.
Be careful when you add or remove a file fingerprint list or a specific application from system lockdown. Adding or removing items from system lockdown can be risky. You might block important applications on your client computers.
Running system lockdown in blacklist mode
On the console, click Clients.
Under Clients, select the group for which you want to set up system lockdown.
If you select a subgroup, the parent group must have inheritance turned off.
On the Policies tab, select System Lockdown.
In the System Lockdown dialog box, select Enable System Lockdown.
Under Application File Lists, select Blacklist Mode.
Under Unapproved Applications, make sure that you have included all the applications that your client computers should block.
A large number of named applications might decrease your client computer performance.
To display a message on the client computer when the client blocks an application, check Notify the user if an application is blocked.