When making a change to an MD5 on the Deny list, you notice that the SEPM is not getting the new entries. Instead, the failure of attempts to send fingerprint data to SEP Manager will be logged at a low level with an event similar to the following:
SEDR was not able to update the System Lockdown settings when an MD5 hash is added to the blacklist. This can happen when an SEDR appliance Operating System is restored or reset to factory settings after it has already created the 'ATP Blacklisted files' list.
Symantec has addressed the underlying cause for this behavior by naming the list a unique name.
To manually workaround