You can use the checksum.exe utility to create a file fingerprint list. The list contains the path and the file name and corresponding checksum for each executable file or DLL that resides in a specified path on the computer. The utility is installed with Symantec Endpoint Protection on the client computer.
You then import the file fingerprint list into Symantec Endpoint Protection Manager to use in your system lockdown configuration.
You can also use a third-party utility or the Collect File Fingerprint List command to create a file fingerprint list.
To create a file fingerprint list with checksum.exe
Open a command prompt window on the computer that contains the image for which you want to create a file fingerprint list.
The computer must have Symantec Endpoint Protection client software installed.
Navigate to the folder that contains the file checksum.exe. Typically, the file is located in the following folder:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\
Type the following command:
checksum.exe\ outputfile path
where outputfile is the name of the text file that contains the checksums for all the applications that are located on the specified drive. The output file is a text file (outputfile.txt).
The format of each line is checksum_of_the_file space full_pathname_of_the_exe_or_DLL.
To run a checksum against all files on the C: drive, you must add the backslash at the end of the command. Otherwise, the command only runs in the folder where checksum.exe is located.
An example of checksum.exe output is shown here:
0bb018fad1b244b6020a40d7c4eb58b7 c:\dell\openmanage\remind.exe 35162d98c2b445199fef95e838feae4b c:\dell\pnp\m\co\HSFCI008.dll 2f276c59243d3c051547888727d8cc78 c:\Nokia Video Manager\QtCore4.dll
The following is an example of the syntax you could use to create a fingerprint list for an image:
checksum.exe cdrive.txt c:
This command creates a file that is called cdrive.txt. It contains the checksums and file paths of all the executables and DLLs found on the C drive of the client computer on which it was run.
The following is an example of the syntax that you could use to create a fingerprint for a folder on the client computer:
checksum.exe blocklist.txt c:\Files
This command creates a file that is called blocklist.txt. It contains the checksums and file paths of any executables and DLLs found in the Files folder.