File hash filters
There are three ways in Application Control Solution (ACS) for file hashes to be used as the program or process identification parameter:
- Reference System lists (see How to create a Whitelist from a Reference System) are hashes.
- Package Contents lists (see Whitelisting software packages) are hashes.
- Items added to the Security Rated filters (Whitelist, Orangelist, and Blacklist) are identified by hashes.
Security rated filters details
The Security Rated filters location is shown below:
- In the Arellia Security Manager Console click the Polices tab and navigate to Arellia > Windows > Application Control Tasks > Application Filters > Inventory Filters > Security Rated.
- In the Symantec Management Console click the Home tab and navigate to Arellia > Application Control. Then in the portal page go to Application Control > Policies > Application Control > Application Filters > Inventory Filters > Security Rated.
To add items to the Security Rated folders (in SMP 7.0 or 7.1).
- Go to Reports > Arellia > File Inventory and select a report. The report "Summary of Win32 Executables" generally works well when parameters are used which: 1)Â identify the file(s) to be rated, and 2)Â keep the number of files returned to a reasonable number (a few hundred or less typically).
- When the files are in the report list, simply right click as below and select "Security Rating" and then click on the Rating desired. The file will then be added to the correct Security Rated list. Note: This process may take a few minutes for the files to appear in the selected list, but generally not more.