How to confirm on a SEP client if "System Lockdown" is enabled.

Article ID: 162341

Products

Endpoint Protection

Issue/Introduction

You need to be able to check and confirm if "System Lockdown" is enabled on a Symantec Endpoint Protection (SEP) client without checking the policies on the Symantec Endpoint Protection Manager (SEPM).

Resolution

On the SEP client side, nothing in the SEP GUI confirms whether "System Lockdown" is enabled, and there is no registry key that can be checked. The only way to check whether "System Lockdown" is enabled on the client is to export the SEP client configuration to a text file and look inside the file for references to "System Lockdown".

To export the SEP client configuration to a file:

  1. Go to Start > Run, type: smc -exportconfig c:\filenameofyourchoice.xml and press Enter.
  2. Go to c:\filenameofyourchoice.xml and open the file with Notepad or an editor of your choice.
  3. Search for the text string: "System Lockdown"
  4. If the SEP client has "System Lockdown" enabled, you will see something like this:

..."><Permission ClassName="Create Process" Name="LockDown"
Description="System Lockdown"  ApplyToOSList="" Priority="0" Severity="1"><ClassParameter><PatternMatchGroupLink>

Note: If System Lockdown is not enabled, the search will return 0 results.
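
The steps above can be scripted so the check returns a result per endpoint. This is an added example, not code from the original article or from Broadcom; the function name, the default smc.exe location and the export path are assumptions to adjust for your deployment. It treats a missing export as an error rather than as "not enabled".

```powershell
# Added example (not vendor code). Hypothetical names: Test-SepSystemLockdown,
# the default -SmcPath and the default -ExportPath are assumptions.
function Test-SepSystemLockdown {
    [CmdletBinding()]
    param(
        # Assumed install location of smc.exe; pass the real path if it differs.
        [string]$SmcPath = "${env:ProgramFiles(x86)}\Symantec\Symantec Endpoint Protection\smc.exe",
        [string]$ExportPath = (Join-Path $env:TEMP 'sep-config-export.xml')
    )

    if (-not (Test-Path -LiteralPath $SmcPath)) {
        throw "smc.exe not found at '$SmcPath'."
    }

    # Delete any stale export so an old file is never read as the current state.
    Remove-Item -LiteralPath $ExportPath -Force -ErrorAction SilentlyContinue

    # Step 1 of the article: export the client configuration.
    & $SmcPath -exportconfig $ExportPath

    # Precaution: allow up to 30 seconds for the file to appear.
    $deadline = (Get-Date).AddSeconds(30)
    while (-not (Test-Path -LiteralPath $ExportPath) -and (Get-Date) -lt $deadline) {
        Start-Sleep -Milliseconds 500
    }
    if (-not (Test-Path -LiteralPath $ExportPath)) {
        # No file means the state is unknown; it does not mean lockdown is off.
        throw "Export was not created at '$ExportPath'."
    }

    # Step 3 of the article: literal search for the string "System Lockdown".
    $hits = @(Select-String -LiteralPath $ExportPath -Pattern 'System Lockdown' -SimpleMatch)

    # Step 4 / Note: one or more matches means enabled, 0 results means not enabled.
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        LockdownEnabled = ($hits.Count -gt 0)
        MatchCount      = $hits.Count
        CheckedAt       = Get-Date
    }

    # The export holds the client configuration; do not leave it on disk.
    Remove-Item -LiteralPath $ExportPath -Force -ErrorAction SilentlyContinue
}

Test-SepSystemLockdown
```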