{"id":1825,"date":"2020-08-19T01:00:00","date_gmt":"2020-08-19T01:00:00","guid":{"rendered":"http:\/\/inswwdev.azurewebsites.net\/au\/insights\/uncategorized\/capture-application-lists-for-use-in-symantec-data-center-security-dcs\/"},"modified":"2024-09-17T07:37:50","modified_gmt":"2024-09-17T07:37:50","slug":"capture-application-lists-for-use-in-symantec-data-center-security-dcs","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/cloud-and-modern-data-center\/capture-application-lists-for-use-in-symantec-data-center-security-dcs\/","title":{"rendered":"Capture Application Lists for use in Symantec Data Center Security (DCS)"},"content":{"rendered":"

Symantec DCS is a versatile tool which can be used to perform various lockdown tasks on Windows and UNIX\/Linux machines. It can do anything from application whitelisting through to a full least-privilege enforcement. It is a popular tool to use across many different operating systems, but its particularly useful on legacy machines which are no longer supported by the vendor. Symantec\u2019s support for old OSes currently stretches back as far as Windows 2003, SP1<\/a><\/span>!<\/p>\n

When you create a prevention policy in DCS it is critical you understand what applications are in your whitelist. That is, which applications do you want to allow to have higher (or even full) access to resources on your system. DCS has an auto-discovery feature which allows you to do this automatically. However, one drawback to this method is that you need to already have the agent installed on a machine.\u00a0 The other drawback is you can\u2019t use it in conjunction with application lists. I\u2019ve created <\/a><\/span>a script <\/span>you can use<\/span> to create an importable CSV for your application. The script will query any executable under a folder you specify and create the CSV with the following details:<\/p>\n