Interaction between system lockdown and Symantec EDR deny list (blacklist) rules

If your network includes Symantec EDR, you might see blocked applications in the system lockdown configuration from Symantec EDR. Symantec EDR deny lists (blacklists) interact with the system lockdown configuration in the following ways:
  • When Symantec Endpoint Protection Manager receives a deny list rule from Symantec EDR, Symantec Endpoint Protection Manager enables system lockdown in deny mode for all domains and groups.
  • The deny list rule appears in the Symantec Endpoint Protection Manager file fingerprint list in the system lockdown configuration. You cannot modify a file fingerprint list from Symantec EDR.
  • If you configured a client group with system lockdown enabled in allow mode, the setting is preserved and Symantec Endpoint Protection Manager does not use the Symantec EDR deny list rule.
  • If you disable system lockdown and delete the Symantec EDR deny list, Symantec Endpoint Protection Manager automatically re-enables system lockdown and applies the deny list.
  • If you disable system lockdown but do not delete the Symantec EDR deny list, system lockdown remains disabled until you re-enable it.

Symantec EDR sends allow list rules directly to Symantec Endpoint Protection clients. Symantec EDR does not send allow list file fingerprints to Symantec Endpoint Protection Manager.