We are using Symantec Critical System Protection as an advanced endpoint protection product on some critical systems. We would like to expand the product to any system on which we would like to implement "whitelist" products. Critical System Protection is a product that whitelists certain behaviors and does not allow any other behaviors on a protected system after a profile is locked. This helps with systems that are static that an organization would like to make sure does not change in any way. This product is not recommended for fluid systems such as user workstations because the administrative burden of keeping the profiles would be very difficult for small teams to accommodate.