Showing results for 
Search instead for 
Did you mean: 
Level 12
Report Inappropriate Content
Message 1 of 5

Anyone using Application Control (solidcore) to harden certain desktops? Experiences?


Curious on a show of hands, and any general experiences with MAC applied to desktops.   Observerve mode, tuning, Enabled mode.... self-approval for certain trusted users?    Curious if anyone's really walking the walk on this and would be willing to share some of the hiccups,.

4 Replies

Re: Anyone using Application Control (solidcore) to harden certain desktops? Experiences?

I've been involved with tihs for a couple of our customers and all I'm going to say is this "take your time".  If you try to rush a default set of policies out you'll most likely generate helpdesk calls.  Or if you just do a massive deployment in Observe Mode, you'll find the amount of data collected to be astronomical.  (Similar to deploying HIPS in adaptive mode).  Start with a small test group in Observe mode, try to go through the collection on a daily basis for tuning.  You won't have to spend a ton of time if you do a little every day.  But if you let it all go and jump in at the end of a week or might be overwhelmed in the beginning.

Re: Anyone using Application Control (solidcore) to harden certain desktops? Experiences?

When you do go forward, take into consideration tasks that may be run monthy, quarterly, annually. You will want to go through these time frames or be aware of tasks that run during them to be sure you capture the time sensitive tasks.

Level 12
Report Inappropriate Content
Message 4 of 5

Re: Anyone using Application Control (solidcore) to harden certain desktops? Experiences?

Wanted to give this post a bump here and see if there's anyone other than Dennis who's actually been involved in any customer deployments like this.     I'm also curious how the interlock between SMS/SCCM deployments and  solidcore modes goes  for monthly patch updates, and what works well.   Slapping the endpoints into update mode, or trying to ferret out trusting all the relevant installers during test deploys?

But I'll settle for "yeah, we're using this on desktops and we haven't committed suicide...yet"  if anyone has actually achieved that.

THanks for any insights!

Level 10
Report Inappropriate Content
Message 5 of 5

Re: Anyone using Application Control (solidcore) to harden certain desktops? Experiences?

Hello Regis,

Looks like you have been contemplating Application Control for some time now!

We used McAfee Application Control / Solidcore about a year ago.  The deployment was very slow paced. We found that systems that don't change often were easy candidates, but system that were more dynamic were a pain.  Solidcore was originally designed for ATM type systems that never change, and for those type of systems it is great. We were constantly having to put PC's into update mode to deploy software and updates.

We ended up switching to another product which has been much easier to manage. Still about 1/4 of a full time job to manage for a network with 1000 desktops.

I havn't looked at the product in over a year, so I'm guessing they made improvements since application control is such a hot product market. Application control saves our PC's on a weekly basis. Before implementing this solution we had to re-image PC's at least once per week. Now we have gone about 6 months without the need to re-image computers.

Next step is to tackle laptops!

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community