Symantec EDR currently only supports blacklists for Symantec EDR appliances only.
To create a Symantec Endpoint Detection and Response Blacklist policy
In either Symantec EDR console, click Policies.
If you are in the EDR appliance console console, proceed to step 3. If you are in the EDR cloud console console, do either of the following:
To apply the policy to all registered Symantec EDR appliances, under Environment select Cloud.
The Blacklist (EDR Appliance) tab is selected by default.
To apply the policy to a specific Symantec EDR appliance, under Environment select the appliance.
The Blacklist tab appears by default.
In the right pane, click the plus sign and select Add to Blacklist.
In the Add to Blacklist dialog box, click the Type drop-down list and select the item for which you want to create a Blacklist policy.
You cannot edit the Type or Match Value of a blacklisted item after you add it. However, you can delete it or edit the comment.
In the Match Value field, type the value of the blacklisted item based on the type that you selected.
See Supported policy types and match values.
Optionally, type a comment in the Comment field.
For example, you may want to specify the file name for SHA256 hash.
See About Blacklist policies
See Importing Whitelist policies and Blacklist policies
See How Symantec EDR applies Blacklist policies based on your operating mode
MD5 and SHA256 Blacklist differences
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.