I need a solution
Has anyone used the SEP system lockdown in a monitor mode in order to find systems which are running unauthorized applications? Although I would like the security of using whitelisting so that only approved apps run, my interest is to take a more conservative, reactive approach and find systems which are not complying by running unauthorized software via an alert or report.