Supported allow list and deny list policy types and match values

Type
Description
Policy
Match values
Example
Domain
Symantec EDR
allows access to any sub-domains and URLs associated with that domain.
Supported for the network scanner operating role only.
Deny list
Allow list
Special characters, such as international characters
http://gość.pl/a
Full or partial domain names
gov.ca/dmv
.gov.ca
Symantec EDR
looks for the most specific match when you have both deny list and allow list policies with similar domain names.
URL
Symantec EDR
allows access to any sub-pages (including files) associated with that URL.
Supported for the network scanner operating role only.
Deny list
Allow list
http://www.example.com/index.html
IP
Symantec EDR
bypasses all traffic inspection to and from that IP address. However, it continues to inspect the traffic that is associated with other IP addresses on the same subnet of that IP address.
Supported for the network scanner operating role only.
Deny list
Allow list
IPv4 and IPv6 protocols
10.10.10.0/24
fe80::250:56ff:fe99:3903
Symantec EDR
looks for the most specific match when you have both deny list and allow list policies with similar IP addresses. For example, you can deny list an IP address that falls within a allow listed IP subnet.
Unspecified addresses, zero subnet masks, and zero CIDR bit length and prefixes are not allowed.
Examples:
  • 0.0.0.0
  • d.d.d.d/0.0.0.0
  • d.d.d.d/0
Dot-decimal notation for IPv4
010.010.010.010
You can eliminate leading zeros. For example, you can represent 010.010.010.010 as 10.10.10.10.
IPv4-compatible addresses for IPv6
::w.x.y.z
Where w.x.y.z is an IPv4 public address assigned to an interface on the computer.
Colon-eliminated hex notation for IPv6
For example, you can represent FF01:0:0:0:0:0:0:101 as FF01::101.
SHA256
If you configure
SEP
to use the
Symantec EDR
proxy,
SEP
immediately quarantines deny listed SHA256 files when it detects them.
Supported for all  operating roles.
Deny list
Allow list
SHA256 hash value must be 64 characters with values ranging between 0 - 9 and a - f
5f2954fef148085ee930a45d9b59712f4f281b808bbb0f2391bc915df3157674
MD5
If
Symantec EDR
is integrated with
SEP
,
SEP
prevents Deny listed MD5 files (Windows executable files and MSI installers) from running on endpoints.
When you create a deny list policy for a file using its MD5 hash value, the hash value is added to the
Symantec EDR
deny listed file on
SEPM
. This file is added to the SEP Exceptions policy for all domains and all groups within those domains. If you add a new group to
SEP
, the
Symantec EDR
deny listed file is subsequently synchronized with that group as well. Additionally, if you edit the
Symantec EDR
deny listed file on
SEP
,
SEP
overwrites your edits the next time that the file synchronizes. The
Symantec EDR
deny listed file does not affect other exception policies that you create in
SEP
.
Supported for all  operating roles.
Deny list
32 hexadecimal digits
734c9d47652c62ff2dc63cafc8fef655
Troubleshooting