Due to the dramatic uptick in ransomeware infections, I've been tasked with locking down our (Windows 7 SP1 64-bit) laptops so that no unapproved/unknown applications can run. I updated our SEP server and clients to the latest version (12.1.6) and have created a test group with a small number of clients. Running in Whitelist mode with 'Test Before Removal', I've taken Fingerprint files on each of them and have tried both to add them individually, and also add them to the default File Fingerprint List. I'm having mixed results....
One one hand, I have a workstation that was having a common .exe block, so I re-ran and re-added its fingerprint file - so far, so good. On the other hand, the list of Unapproved Applications is upwards of 550 exceptions in less than five minutes, though I'm not seeing any notifications pop up. If the File Fingerprint list has been run and included for every client in this group, why are there so many exclusions? Pretty frustrating for sure.
Thanks!