Adding a hash manually to Advanced Threat Protection blacklist can disable Symantec Endpoint Protection System Lockdown and Application & Devices Control feature

Article ID: 165209

Products

Endpoint Protection

Issue/Introduction

After a file hash is added manually in the Advanced Threat Protection (ATP) console, the Symantec Endpoint Protection (SEP) System Lockdown and Application & Devices Control (ADC) features do not honor their policies.

No error messages are displayed on the SEP client.

Environment

Advanced Threat Protection (ATP) 2.0 or newer

Symantec Endpoint Protection Manager (SEPM) 12.1.X or newer

Symantec Endpoint Protection (SEP) 12.1. or newer

Cause

This issue might occur if you manually add a file hash (MD5 or SHA-256) to the ATP blacklist in uppercase.

Resolution

This issue is resolved in Symantec Endpoint Protection (SEP) 14 MP2. For more information on upgrading, see Upgrade or migrate to Endpoint Protection 14.

To work around the issue:

  1. Log in to the ATP console.
  2. Open the blacklisting policy.
  3. Copy the uppercase MD5 hash entry.
  4. Delete the uppercase MD5 hash entry.
  5. Add the MD5 hash entry in lowercase.
  6. Save the policy.
  7. Wait for the updated blacklist to propagate to the Symantec Endpoint Protection Manager and the Symantec Endpoint Protection clients.
  8. Restart the Endpoint Protection client by issuing the commands SMC -stop and SMC -start, or by rebooting the computer.
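When many entries have to be checked, the lowercase rule from the workaround can be applied to a hash list before it is entered in the console. The following is an added example, not Symantec code: the function name audit_hashes and the one-hash-per-line input are assumptions, and the sample digests are constructed (well-known digests of the empty string).

```python
import re

# Hex digest lengths for the two hash types the article names.
HASH_TYPES = {32: "MD5", 64: "SHA-256"}
HEX_RE = re.compile(r"[0-9A-Fa-f]+")

def audit_hashes(lines):
    """Check candidate blacklist entries (hypothetical helper, one hash per line).

    Returns (ready, needs_fix, rejected):
      ready     - lowercase digests, de-duplicated, in first-seen order
      needs_fix - (original, lowercase) pairs for entries containing uppercase
      rejected  - (original, reason) pairs for entries that are not MD5/SHA-256 hex
    """
    ready, needs_fix, rejected = [], [], []
    seen = set()
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blank lines and comments
        if not HEX_RE.fullmatch(entry):
            rejected.append((entry, "non-hex characters"))
            continue
        if len(entry) not in HASH_TYPES:
            rejected.append((entry, f"unexpected length {len(entry)}"))
            continue
        lowered = entry.lower()
        if lowered != entry:
            needs_fix.append((entry, lowered))  # the case the article warns about
        if lowered not in seen:  # upper and lower forms of one hash collapse
            seen.add(lowered)
            ready.append(lowered)
    return ready, needs_fix, rejected

# Constructed sample input: digests of the empty string plus two bad entries.
SAMPLE = [
    "D41D8CD98F00B204E9800998ECF8427E",          # MD5, uppercase
    "d41d8cd98f00b204e9800998ecf8427e",          # same MD5, already lowercase
    "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",  # SHA-256
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",  # 40 hex chars, neither type
    "not-a-hash",
]

if __name__ == "__main__":
    ready, needs_fix, rejected = audit_hashes(SAMPLE)
    for old, new in needs_fix:
        print(f"replace {old} -> {new}")
    for entry, reason in rejected:
        print(f"reject  {entry}: {reason}")
```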