You want to monitor and collect information about the applications and services that run on each computer in your environment, in part to help create Firewall Policies, Application and Device Control Policies, Proactive Threat Scans, and so forth.
Note: In some countries, it may not be permissible under local law to use the learned applications tool under certain circumstances such as to gain application use information from a laptop when the employee logs on to your office network
from home using a company laptop. Prior to your use of this tool, please confirm that use is permitted for your purposes in your jurisdiction. If it is not permitted, please follow instructions for disabling the tool.
Enabling learned applications for a site
You can set up learned applications for the management servers within a local site or within a remote site.
To enable learned applications for a site:
Enabling clients to send the learned applications list to the management server
After you have enabled a site to collect the lists of learned applications from the clients, you enable the clients to send the lists to the server by group or by location.
Note: The client must have the Network Threat Protection module installed for this feature to work.
Note: You can modify this setting only for the subgroups that do not inherit their policies and settings from a parent group.
To send the learned applications list to the management server:
To send learned applications to the management server for a location:
Note: Need to also Enable Network Application Monitoring to allow changes in the application Checksum. To do this please follow these steps.
To enable Network Application Monitoring:
Login to the manager and go to Clients
Choose the group and Select the Policies tab
Under Policies Click Network Application Monitoring
Check the box that says, "Enable Network Application Monitoring."
From here, you can set the default policy when Endpoint Protection detects changes in an executable. Choose between Ask, Block the Traffic, or Allow and Log.
References
Administration Guide for Symantec Endpoint Protection..., Chapter 30 (page 389). Chapter 5 (page 100)