Running system lockdown in allow mode

You can configure system lockdown to allow only approved applications on your client computers. Only applications in the approved list are allowed to run. All other applications are blocked. The approved list is called an allow list (whitelist). Approved applications are subject to
Symantec Endpoint Protection
's other protection features.
By default, system lockdown runs in allow mode when you enable it.
You should configure system lockdown to run in allow mode only after the following conditions are true:
  • You tested the system lockdown configuration with the
    Log Unapproved Applications Only
  • You are sure that all the applications that your client computers need to run are listed in the approved applications list.
Be careful when you add or remove a file fingerprint list or a specific application from system lockdown. Adding or removing items from system lockdown can be risky. You might block important applications on your client computers.
For more information, see:
If you run system lockdown enabled in allow mode,
Symantec Endpoint Protection Manager
does not apply any blocked applications from
Symantec EDR
For more information, see:
  1. To run system lockdown in allow mode
  2. On the console, click
  3. Under
    , select the group for which you want to set up system lockdown.
    If you select a subgroup, the parent group must have inheritance turned off.
  4. On the
    tab, click
    System Lockdown
  5. Under
    System Lockdown
    , select
    Enable System Lockdown
    to block any unapproved applications that clients try to run.
  6. Under
    Application File Lists
    , select
    Allow Mode
    Whitelist Mode
    in 14.3 MP1 and earlier).
  7. Under
    Approved Applications
    , make sure that you have included all the applications that your client computers run.
    You must include all the applications that your client computers run in the approved applications list. If you do not, you could make some client computers unable to restart or prevent users from running important applications.
  8. To display a message on the client computer when the client blocks an application, check
    Notify the user if an application is blocked
  9. Click