When customizing firewall rules in Symantec Endpoint Protection (SEP) 11.0 or 12.1 you notice that application fingerprints that you enter in the firewall policies do not seem to have any effect on the client side.
The same issue occurs with other additional information that can be entered in the firewall Application List like File Description, Size, Last Modified and File Version.
File fingerprints (also called file checksums or MD5 checksums) and other non-filename information in the SEP firewall policies will only take effect if Network Application Monitoring is also enabled in the policy.
Make sure Network Application Monitoring is also enabled in the policy for this group.
With this setting configured the File Fingerprint data (and any other extra information) entered in the firewall policies Application List will be verified by the SEP client before matching a packet with a firewall rule.
With Network Application Monitoring disabled only the File Name field (including the path) will be verified against running processes when matching firewall rules.