Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 8

All kinds of App control issues

I have a few SRs open on app control, but wanted to see if anyone had input hear.  We are testing app control on some end users systems that need a high level of protection.  We see a few issues:

    • properly configured updaters still being blocked.  example, we get dozens of events from C:\windows\system32\driverstore directory where most windows services; services.exe, svchost.exe, etc, are getting write denied messages.. hundreds
    • wscript.exe not being allowed, but it's in as an updater
    • Computers with solidcore lock up on shutdown.  They are all running win7 and get to "shutting down" and freeze; put solidcore into update mode, they shutdown fine
    • finally, a few of these systems are having a big issue in that they will lock up after being logged into for a number of minutes consistantly.  Disable Solidcore, and no more problems.

Any thoughts, or input from anyone on this?

7 Replies

All kinds of App control issues


Regarding your first issue: Even if you see services.exe/svchost.exe getting write denied message while accessing driverstore, any of thedevice like printers, USB etc. when you connect to the system, are they functioning properly? How about the system behaviour - is it normal?

Wscripts.exe should work. Try also adding wscript to binary list as a hash.

Issue 3 and 4 : I am working with solidcore more than a year, never seen those behaviours. Do you have an encryption s/w installed which controls the screen and system locking?

- AB

Level 7
Report Inappropriate Content
Message 3 of 8

All kinds of App control issues

The systems do seem to run properly, other than the lock up issues.  Software doesn't seem to fail at this point.  I haven't really used the binary list at this point, do you use that list a lot?

We do have encryped hard drives in these systems using wavesys software... disk level FDE.  Have you seen that be an issue?


Re: All kinds of App control issues

Issue number 1:

Can you verfify what the client considers approved (vs. what is in the console) by using the command line. This will verify the client has the policys

sadmin updaters list

Issue #2

We had somthing similar with annother file. I will ask around.

Issue #3

We have this issue currently as well"

  • Computers with solidcore lock up on shutdown.  They are all running win7 and get to "shutting down" and freeze; put solidcore into update mode, they shutdown fine

Issue #4

We have heard of this issue but have not been able to recreate it

Level 10
Report Inappropriate Content
Message 5 of 8

Re: All kinds of App control issues

1st: have you added the pre-defined rules/rule groups that are called sth like "windows system" (or only system? or only windows? not sure so far), windows update, etc? (you can check / modify that groups ba duplicating).

2nd:  is sth reported in OBSERVE mode that would be blocked? (if yes - create rule / policy from result; if not: maybe its its some script or so on a network share like logon/logoff scrips (you could add this SYSVOL... stuff as a trusted directory)

Re: All kinds of App control issues

Reguarding : "Computers with solidcore lock up on shutdown"

What we found was that the Software Deployment app: BigFix/TEM/IEM (what ever you call it this month) stops when it tries to read the file "C:Solidcore\_tdll.dll". Nothing gets displayed on the screen. Any time after that file is read, when a user goes to shutdown, the system will not do it, it hangs.

When the file is read, this also stops the besclient.exe from functioning. Besclient is the software deployment agent used by BigFix/TEM/IEM.

As best as we can tell the file "C:Solidcore\_tdll.dll" is read as part of an assessment for Microsoft Seecurity Patches by a Bigfix fixlet. A fixlet is a besclient script that can query a system for information.

At this time we have opened a case with IBM for BigFix and McAfee for Application Control/Solidcore.

These are all the same product. IBM keeps changing the name of it.


Tivoli Endpoint Manager

IBM Endpoint Manager

Message was edited by: gearmesh on 3/13/14 10:42:49 AM CDT

Re: All kinds of App control issues


I still have issues with Windows 7 systems where once the systems are solidified (MA 4.8, VSE 8.8 Solidcore 6.1.3)it hangs at "Shutting down" and have to do a hard reboot.

Unsolidified systems works fine.

Any ideas guys..?


Level 12
Report Inappropriate Content
Message 8 of 8

Re: All kinds of App control issues


Issue4, can you provide a dump of the system when you see a hang. That's the fastest way to check where the issue is.



You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community