Using Deny List Policy settings

A Deny List policy contains a list of files that you want to block and quarantine. You identify each file by SHA-256 or a MD5 hash. These hash types are supported for
Symantec Endpoint Protection
14.x hybrid-managed devices and for
Symantec Endpoint Security
cloud-managed devices.
Currently, you can add items to the deny list only by file hash.
The option to lock the policy is not available for Deny List Policy settings.
You can use the Application Control feature for a comprehensive way to control the execution of files. Application Control requires a subscription to Symantec Endpoint Security Complete. See:
You can add files to the deny list in the following ways:
  • Add the file's hash to a Deny List policy on the
  • Use the
    Add to Deny List
    action from the
    Discovered Items > Files
  • An Add to Deny List task recommendation might appear in
    My Tasks
  1. To configure a Deny List policy
  2. Go to
  3. Select the policy that you want to edit or create a new policy. See:
  4. On the
    tab, under
    Denied Binaries
    , select the plus icon to add an item to the deny list.
  5. Enter the file name and hash value, and then select
  6. Select
    Save Policy