Capture Application Lists for use in Symantec Data Center Security (DCS)

Ben Shorehill - 19.08.2020

Symantec DCS is a versatile tool which can be used to perform various lockdown tasks on Windows and UNIX/Linux machines. It can do anything from application whitelisting through to full least-privilege enforcement. It is a popular tool across many different operating systems, but it’s particularly useful on legacy machines which are no longer supported by the vendor. Symantec’s support for old OSes currently stretches back as far as Windows 2003, SP1!

When you create a prevention policy in DCS, it is critical to understand which applications are in your whitelist, that is, which applications you want to allow higher (or even full) access to resources on your system. DCS has an auto-discovery feature which allows you to do this automatically. However, one drawback to this method is that you need to already have the agent installed on a machine. The other drawback is that you can’t use it in conjunction with application lists. I’ve created a script you can use to create an importable CSV for your application. The script will query any executable under a folder you specify and create the CSV with the following details:

  • Full path to the executable
  • Publisher name (if the code is signed)
  • SHA-256 hash (if the code is unsigned)

It will also add the application name and version to the comments field.

The script requires SigCheck, a Sysinternals tool which is free to download. Just make sure SigCheck is in the same directory as the script and run the script from PowerShell.
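The collection logic described above, as an added example that is not the author's script: it uses the built-in Get-AuthenticodeSignature and Get-FileHash cmdlets in place of SigCheck and takes the folder as a parameter instead of a selection window. The parameter names, CSV column names and output file name are assumptions, since the DCS import layout is not shown on this page; it assumes PowerShell 4.0 or later.

```powershell
# Added example: not the author's script. Built-in cmdlets stand in for SigCheck.
# Column names are assumptions; map them to the layout your DCS console imports.
param(
    [Parameter(Mandatory)] [string] $ScanRoot,   # folder holding the applications
    [string] $OutCsv = '.\app-list.csv'          # hypothetical output file name
)

$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$rows = Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Filter '*.exe' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $ver = $_.VersionInfo
        $publisher = ''
        $sha256 = ''
        if ($sig.Status -eq 'Valid') {
            # Signature verifies and the file is unmodified: identify by publisher.
            $publisher = $sig.SignerCertificate.GetNameInfo($simpleName, $false)
        } else {
            # Unsigned, or signed but not verifiable: pin the exact file by hash.
            $sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Path            = $_.FullName
            Publisher       = $publisher
            SHA256          = $sha256
            Comment         = ('{0} {1}' -f $ver.ProductName, $ver.FileVersion).Trim()
            SignatureStatus = [string]$sig.Status
        }
    }

$rows | Export-Csv -LiteralPath $OutCsv -NoTypeInformation -Encoding UTF8

# A signature that is present but fails verification (for example HashMismatch)
# can mean the file changed after signing. List those for manual review.
$rows | Where-Object { $_.SignatureStatus -notin 'Valid', 'NotSigned' } |
    Format-Table Path, SignatureStatus -AutoSize
```

Review any file listed at the end before importing its hash: allowing a binary whose signature fails verification allows whatever modified it.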

A folder selection window will open. Navigate to the directory in which you have your applications to be imported and click OK:

Once the scan is completed, you will be prompted to save the CSV file. Save it in your preferred location:

Copy the CSV file you have saved to the management server or to a machine running the CSP console. Log into the console with your credentials and open the Prevention policy you wish to add the newly imported list to. In the policy, click Advanced and then click My Custom Sandboxes and lists:

If you haven’t created the list yet, click on the + Symbol to add a new list. Make sure you’ve selected ‘This defines a set of applications to be referenced later’ as your Category and you’ve added the Display Name and ID before selecting OK.

Click Edit on your list:

If not already checked, check the box for Application Programs and click Edit:

Click Import to import your newly created list. Navigate to the list and click Import. You will be prompted to either Append or Replace the list. Appending will leave the existing rules in place. Choose either option to import your list:

And that’s it! Reference the list in your application rules.
