When customizing firewall rules in Symantec Endpoint Protection (SEP) 11.0 or 12.1, you notice that application fingerprints that you enter in the firewall policies do not seem to have any effect on the client side.
The same issue occurs with the other information that can be entered in the firewall Application List, such as File Description, Size, Last Modified and File Version.
File fingerprints (also called file checksums or MD5 checksums) and other non-filename information in the SEP firewall policies will only take effect if Network Application Monitoring is also enabled in the policy.
Make sure Network Application Monitoring is also enabled in the policy for this group.
Navigate to the Clients tab in the Symantec Endpoint Protection Manager (SEPM) console.
Select the correct Client Group and the Policies tab.
Click "Network Application Monitoring" and tick the box to enable it.
Select Ask, Block, or Allow for the "When an application change is detected" setting.
With this setting configured, the SEP client verifies the File Fingerprint data (and any other extra information) entered in the firewall policy's Application List before matching a packet with a firewall rule.
With Network Application Monitoring disabled, only the File Name field (including the path) is verified against running processes when matching firewall rules.
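When a rule still does not match after Network Application Monitoring is enabled, it helps to compare the values entered in the Application List with what is actually on the client's disk. The following PowerShell is an added example, not part of the original article or a Symantec tool: the function names, the sample path and the placeholder policy values are assumptions, and because the article does not state how the console formats Size or Last Modified, raw values are returned.

```powershell
# Added example: collect the attributes the article lists for the firewall
# Application List, then report which recorded policy values differ on disk.
function Get-AppListFields {
    param([Parameter(Mandatory = $true)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop

    # MD5 via .NET so this also runs where Get-FileHash is unavailable.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Dispose() }

    New-Object PSObject -Property @{
        FileName        = $item.FullName                      # path included
        FileDescription = $item.VersionInfo.FileDescription
        Size            = $item.Length                        # bytes
        LastModified    = $item.LastWriteTime
        FileVersion     = $item.VersionInfo.FileVersion
        FileFingerprint = ([BitConverter]::ToString($bytes) -replace '-', '').ToLower()
    }
}

function Compare-AppListFields {
    param($Actual, [hashtable]$Expected)

    # Emit one object per field whose on-disk value differs from the policy.
    foreach ($name in $Expected.Keys) {
        if ("$($Actual.$name)" -ne "$($Expected[$name])") {
            New-Object PSObject -Property @{
                Field  = $name
                Policy = $Expected[$name]
                OnDisk = $Actual.$name
            }
        }
    }
}

# Constructed placeholder values, not taken from a real policy.
$expected = @{
    FileFingerprint = '00000000000000000000000000000000'
    FileVersion     = '0.0.0.0'
}

$actual = Get-AppListFields -Path "$env:SystemRoot\System32\notepad.exe"
$actual
Compare-AppListFields -Actual $actual -Expected $expected
```

An empty result from Compare-AppListFields means every recorded field matches the file on disk.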
Imported Document ID: TECH150623