You can use the checksum.exe utility to create a file fingerprint list. The list contains the path and the file name and corresponding checksum for each executable file or DLL that resides in a specified path on the computer. The utility is installed with Symantec Endpoint Protection on the client computer.
You can also use a third-party utility to create a file fingerprint list.
You import the file fingerprint list into Symantec Endpoint Protection Manager to use in your system lockdown configuration.
The format of each line is checksum_of_the_file space full_pathname_of_the_exe_or_DLL.
An example of checksum.exe output is shown here:
0bb018fad1b244b6020a40d7c4eb58b7 c:\dell\openmanage\remind.exe 35162d98c2b445199fef95e838feae4b c:\dell\pnp\m\co\HSFCI008.dll 4f3ef8d2183f927300ac864d63dd1532 c:\dell\pnp\m\co\HXFSetup.exe dcd15d648779f59808b50f1a9cc3698d c:\dell\pnp\m\co\MdmXSdk.dll 2f276c59243d3c051547888727d8cc78 c:\Nokia Video Manager\QtCore4.dll e6b635b6f204b9f2a43ba7df8780a7a6 c:\Nokia Video Manager\QtNetwork4.dll 0901d37ec3339ef06dba0a9afb0ac97c c:\Nokia Video Manager\QtXml4.dll a09eaad7f8c7c4df058bbaffd938cd4c c:\Nokia Video Manager\VideoManager.exe
To create a file fingerprint list with checksum.exe
Open a command prompt window on the computer that contains the image for which you want to create a file fingerprint list.
The computer must have Symantec Endpoint Protection client software installed.
Navigate to the folder that contains the file checksum.exe. Typically, the file is located in the following folder:
C:\Program Files\Symantec\Symantec Endpoint Protection\<version number>\bin
Type the following command:
checksum.exe outputfile path
where outputfile is the name of the text file that contains the checksums for all the applications that are located on the specified drive. The output file is a text file (outputfile.txt).
The following is an example of the syntax you could use to create a fingerprint list for an image:
checksum.exe C:\cdrive.txt C:
This command creates a file that is called cdrive.txt. It contains the checksums and file paths of all the executables and DLLs found on the C drive of the client computer on which it was run.
The following is an example of the syntax that you could use to create a fingerprint for a folder on the client computer:
checksum.exe blocklist.txt c:\Files
This command creates a file that is called blocklist.txt. It contains the checksums and file paths of any executables and DLLs found in the Files folder.