Re: Endpoint Protection - App Whitelisting?

["Shen, Philip *HS" <PS7XJ () HSCMAIL MCC VIRGINIA EDU>]

Hi


I feel your pain with CBP.  We've have had stuff on a basic install that has been blocked TFS.  It has blocked 
Powershell scripts and DLL from Microsoft because it was unsigned.


Phil


________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Chad Tracy 
<chad.tracy () COLBY EDU>
Sent: Monday, November 13, 2017 1:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Endpoint Protection - App Whitelisting?

Good afternoon,

We currently use Carbon Black's CB Protection (application whitelisting) on some of our end user computers (we have a 
licensing for 300 endpoints... however we only ever got it working on around 70 Windows machines...) It has not been 
working out well and we are looking to move in a different direction.

I recently learned, from a call with Gartner, that "typically" application whitelisting is utilized on servers and 
systems that are fairly locked down (think of machines used by the insurance and medical industry, kiosks...)

Knowing this, we are looking to see what you all are doing to lock down your systems to assist in ransomware and 
zero-day incidents:

Have any of you had luck in deploying application whitelisting on their end users machines... or is this a lost cause 
that takes to much money and FTEs to support?

Do you have Endpoint protection deployed on your campus?

If so, who with?

Kind Regards,

Chad Tracy
Director of Information Security
Colby College
Waterville, ME 04901
207 . 859 . 4199
chad.tracy () colby edu<mailto:chad.tracy () colby edu>