Symantec Endpoint Protection Manager (SEPM) is a comprehensive security solution that helps organizations protect their systems from various threats, including malware, viruses, and other malicious activities. One of the key features of SEPM is the ability to block specific hash values associated with known threats. This article explains how to block hash values in Symantec Endpoint Protection Manager.
Step 1: Accessing Symantec Endpoint Protection Manager Console
To block hash values in Symantec Endpoint Protection Manager, you need to access the SEPM Console. Follow these steps to access the console:
1. Launch Symantec Endpoint Protection Manager Console on your computer.
2. Enter your administrator credentials to log in.
Step 2: Creating a New Security Policy
After accessing the SEPM Console, the next step is to create a new security policy to define the rules for blocking hash values. Follow these steps to create a new security policy:
1. In the SEPM Console, click on the “Policies” tab.
2. Under “Policies”, click on “Add a new policy”.
3. Enter a name for the new policy and provide a description if necessary.
4. From the left sidebar, click on “Advanced Options”.
5. Under “Advanced Options”, click on “Application and Device Control”.
6. Click on “Application Control”.
7. In the right pane, click on “Add” to add a new hash value.
Step 3: Blocking Hash Values
Once you have reached the “Add” page, you can proceed with blocking the desired hash value(s). Follow these steps to block hash values:
1. On the “Add” page, select the option that matches how you want to identify what to block. For example, you can choose to block by file or folder path, or by specific hash value(s).
2. If you choose to block by file or folder path, enter the path(s) of the file or folder in the designated field.
3. If you choose to block by hash value(s), enter the hash value(s) in the designated field. Ensure each hash value is entered on a separate line.
4. Click on “OK” to save the changes.
5. Once the hash value(s) have been added, click on “OK” again to save the new security policy.
6. Assign the newly created policy to the desired group(s) or clients to apply the hash value blocking rules.
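Before pasting a list into the hash field described in Step 3, it is worth normalizing it to one hash per line and rejecting entries that would fail or would block legitimate files. The following Python code is an added example, not part of the original article and not Symantec code; the function and variable names are hypothetical, and it assumes the field takes MD5 or SHA-256 values, which you should confirm for your SEPM version.

```python
import hashlib
import re

# Assumption: the field takes MD5 (32 hex chars) or SHA-256 (64 hex chars).
HEX_LENGTHS = {32: "md5", 64: "sha256"}
# Never block these; empty-file digests often leak into feeds. Extend as needed.
KNOWN_GOOD = {hashlib.md5(b"").hexdigest(), hashlib.sha256(b"").hexdigest()}


def prepare_blocklist(raw_text, known_good=KNOWN_GOOD):
    """Return (accepted, rejected): accepted is a list of lowercase hashes in
    first-seen order, deduplicated; rejected is a list of (entry, reason)."""
    accepted, rejected, seen = [], [], set()
    for line in raw_text.splitlines():
        value = line.strip().lower()
        if not value or value.startswith("#"):
            continue  # skip blank lines and comments
        if not re.fullmatch(r"[0-9a-f]+", value):
            rejected.append((line.strip(), "not hexadecimal"))
        elif len(value) not in HEX_LENGTHS:
            rejected.append((line.strip(), "unexpected length %d" % len(value)))
        elif value in known_good:
            rejected.append((line.strip(), "matches a known-good file"))
        elif value not in seen:
            seen.add(value)
            accepted.append(value)
    return accepted, rejected


# Constructed sample input (not real indicators): digests of made-up strings.
SAMPLE_A = hashlib.sha256(b"constructed sample A").hexdigest()
SAMPLE_B = hashlib.md5(b"constructed sample B").hexdigest()
SAMPLE_FEED = "\n".join([
    "# constructed feed for illustration",
    SAMPLE_A.upper(),                 # feeds often use uppercase
    "  " + SAMPLE_A + "  ",           # duplicate with stray whitespace
    SAMPLE_B,
    hashlib.sha256(b"").hexdigest(),  # empty-file hash: must be rejected
    SAMPLE_B[:-1],                    # truncated copy/paste
    "C:\\Temp\\sample.exe",           # a path, not a hash
])

if __name__ == "__main__":
    ok, bad = prepare_blocklist(SAMPLE_FEED)
    print("\n".join(ok))              # paste-ready: one hash per line
    for entry, reason in bad:
        print("REJECTED %s (%s)" % (entry, reason))
```

Review the rejected entries by hand rather than discarding them; a truncated hash usually means the source line was cut off and the indicator needs to be fetched again.
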
Related FAQs:
1. How do I remove a blocked hash value in Symantec Endpoint Protection Manager?
To remove a blocked hash value, simply go to the corresponding security policy and delete the specific hash value from the list.
2. Can I block multiple hash values at once in Symantec Endpoint Protection Manager?
Yes, you can block multiple hash values at once by entering each hash value on a separate line in the designated field.
3. Will blocking a hash value affect legitimate files with the same hash?
Yes, blocking a hash value will prevent the corresponding file from executing, even if it is a legitimate file. Therefore, it is important to ensure the hash value corresponds to a known threat before blocking it.
4. Can I block hash values based on file size?
No, Symantec Endpoint Protection Manager’s hash value blocking feature does not support file size-based blocking. However, you can still use other security measures to control files based on size.
5. How often should I update the hash values in Symantec Endpoint Protection Manager?
It is recommended to regularly update the hash values in Symantec Endpoint Protection Manager to stay protected against the latest threats. Check for updates from Symantec or utilize threat intelligence sources to ensure your hash value blocking rules remain effective.
6. Can I schedule hash value blocking in Symantec Endpoint Protection Manager?
No, hash value blocking in Symantec Endpoint Protection Manager is not time-based. Once a hash value is blocked, it remains blocked until manually removed from the security policy.
7. Can I view logs of blocked hash value incidents in Symantec Endpoint Protection Manager?
Yes, Symantec Endpoint Protection Manager provides logs and reports that allow you to track and view incidents related to hash value blocking. You can access these logs from the SEPM Console.
8. Is there an automatic hash value blocking feature in Symantec Endpoint Protection Manager?
Currently, there is no automatic hash value blocking feature in Symantec Endpoint Protection Manager. Hash value blocking requires manual configuration through the security policy settings.
9. Can I enable hash value blocking for specific groups or clients only?
Yes, you can assign the security policy with hash value blocking rules to specific groups or clients, allowing you to apply the blocking rules selectively.
10. Does blocking hash values interfere with other antivirus or security software?
The hash value blocking feature in Symantec Endpoint Protection Manager does not interfere with other antivirus or security software, as long as they do not utilize the same hash value blocking approach.
11. Can I prioritize certain hash values over others in Symantec Endpoint Protection Manager?
Currently, Symantec Endpoint Protection Manager does not provide a prioritization feature for hash value blocking. The blocking rules are applied uniformly without any specific order.
12. Does Symantec provide regular updates to hash value blocking rules?
Yes, Symantec regularly updates its threat intelligence database, which includes new hash values associated with emerging threats. It is important to keep SEPM updated to benefit from the latest hash value blocking rules.