I'm currently evaluating Application Control/SolidCore 6.1.0 for a client and running into an issue that neither the SE nor assigned 2nd tier support person seems to have seen before. 3rd tier seemed rather stumped too, but we at least narrowed it down to a confluence of pkg-ctrl and MP-nx features conspiring to create the misery.
The issue: attempting to run cmd.exe results in either
Unfortunately, I'm seeing this on 2 out of 2 Win7 VMs I've deployed the product to.
I have so far pushed the agent to one other Windows 7 box, a physical hardware box... and it is in observation mode and running as you'd expect.
There are 2 XP boxes as part of the test group that are also not giving any surprises.
After about 2 hours of work with tier 3 we isolated down a workaround... disabling pkg-ctrl feature and adding cmd.exe as an exception to the MP-nx rules would allow cmd.exe to both not get blocked by solidcore's NX protection, but also not crash.
I'm not looking for a fix so much as at least some confidence there are some vSphere environments out there with Win7 desktops deployed into them running this with any level of success. Right now my assumption is suddenly a horrified "maybe not?"
Thanks in advance for any insights or experience.
on 6/4/13 3:04:47 PM CDT
I was over the remote with you today where we identified the workarounds.
The real issue seems to be with pkg-ctrl where cmd.exe is crashing but not due to MP-NX violations. To tell you, McAfee is coming with an all new pkg-ctrl feature in the next release. I would highly suggest you to try the beta version and see if the cmd.exe crash issue goes away.
In parallel, we will keep working on the issue through the collected data.
Also to answer your doubt about vSphere environments, Application Control is extensively tested on in-house VM images over vSphere. We have not observed any issue locally or from field where something is not working as expected due to vSphere environment.
This issue continues in a support request. Why the VMs of this particular client are unique we haven't discovered yet, but we hope to find out soon!