Application and Change Control Support



Installation

The guides below explain how to install the product using McAfee ePolicy Orchestrator (McAfee ePO) or standalone methods (third-party product deployments will use the standalone method). A standalone product deployment can be switched to McAfee ePO managed. Review the supported environments documentation before deploying McAfee Application and Change Control:

For details about supported Linux kernels, refer to the supported platforms KB article. The articles below state the minimum product versions needed to support a specific Linux kernel version.

For Linux kernels not listed with official support, there are other methods that can be used to build a custom McAfee Application and Change Control installation package.

Installation guides for Windows

Installation guides for Linux

If you have an issue during installation, see the following documentation:

Windows

Linux

  • Review the log file:
    • If the upgrade is successful, the solidcoreS3_install_<rel><build>.log file is created in the /var /log/mcafee/solidcore directory.
    • If the upgrade fails, the solidcoreS3_install.log file is present in the /tmp directory. For error details, review the most-recent bitrock_installer.log or bitrock_installer_.log file in the /tmp directory.
All Installation Resources

Upgrade

McAfee defines an upgrade as a deployment where a version of McAfee Application and Change Control already exists on the endpoint. Review the supported environments documentation to ensure that the environment is compatible before deployment.

Review the guides below for information about how to install McAfee Application and Change Control and for additional details regarding system requirements.

Windows

Linux

Configuration & Best Practices

The default settings typically require additional configuration and tuning for most environments. To get acquainted with the software, review the documentation below:

Best practices guides

These guides cover installing in cloned or imaged environments, deployment strategy, guidelines for default policies, recommendations for fetching inventory, and managing applications.

Command line guides

If you want to go from standalone to managed with McAfee Application Control:

If you are running McAfee Host Intrusion Prevention, McAfee Endpoint Security, or McAfee VirusScan Enterprise with McAfee Application Control, here are some recommendations:

The memory protection that is provided via McAfee Host Intrusion Prevention, McAfee Endpoint Security, and McAfee VirusScan Enterprise is superior to what your installed version of McAfee Application Control provides, so there is no security risk in doing this.

We recommend that McAfee Application Control memory protection features be disabled on all machines that have memory protection technology from another McAfee product. You can safely use McAfee Application Control memory protection on all machines that do not have another product installed that includes memory protection technology.

Please see McAfee Application Control 8.2.0 Release notes for more information on configurable memory protection and SAU in McAfee ePO.

Additional Resources

Managing McAfee Application and Change Control

To disable McAfee Application and Change Control, you need access to one of the following:

  • The McAfee ePO server with the appropriate permissions
    • Utilize the McAfee Application and Change Control client tasks (SC: Disable, SC: Observe Mode)
  • Local administrator command line access
    • Administrative Windows command line access to the host with knowledge of the McAfee Application Control CLI password
  • How to disable McAfee Application and Change Control in safemode

Any of the above requires a reboot to disable McAfee Application Control and not have the drivers loaded. With current versions of McAfee Application and Change Control, it is not possible to disable the product without rebooting.

Note: Uninstalling the product, requires it to be in Disable mode first.

Learn how to enable McAfee Application and Change Control protection in Windows Safe Mode.

Refer to the following documentation about policy optimization. All require logging in to ServicePortal.

Root Certificate Expiration

The McAfee product line uses TLS for secure communication. Two certificates validate McAfee TLS chains, including a primary expiring in 2038 and a secondary expiring on May 30, 2020. If either certificate, or both, are present in your environment, TLS will function correctly prior to May 30, 2020. After May 30, 2020, only the primary certificate will be valid. Out of an abundance of caution McAfee is informing customers of this impending event.

Generally, certificates are auto-updated through operation systems and customers will not be impacted. However, in environments where automatic management of root certificates is disabled and the primary certificate has not been manually deployed, customers will potentially be impacted. KB92937 provides information on how to verify and install the primary certificate.

Failure to have a valid certificate will cause product issues including reduced detection efficacy.

The primary certificate that needs to be validated is in a customer's environment as below:

Subject : CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
Thumbprint : 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Expiration : 2038-01-18

Subscribe to KB92937 to receive updates.

Data Sheet

Download

Free Trial

Download

More Information

Contact Us