Is anyone out there using Application Control (Solidcore) on Windows 7 endpoints that are also running Faronics Deep Freeze Enterprise version 188.8.131.5270?
We're experiencing the following strange behavior when we update an existing policy--adding an updater or a binary to a rule group--that is already associated with a policy and that is already associated with a system tree group. If we pull down and enforce new policies from the endpoint or push them down from the ePO server, the status information on the McAfee Agent Monitor indicates that the endpoint's policies have been downloaded and are being enforced. However, the new rule that we added does not take affect until we do one of two things:
 Thaw the machine and download the policy. It immediately takes affect.
 Download the policy to the endpoint, enforce policies--at this point, the new rule has not taken affect--then edit the new rule in the rule group--this can be something as simple as changing a lower-case letter to an upper-case letter in any of the fields in the rule--then downloading and enforcing the policy again. Then the new rule takes affect.
Has anyone else experienced this behavior and found a fix? Our expectation is that although the endpoints are frozen, the rules in updated policies should take affect as soon as the policy is downloaded and enforced on the endpoint.
Hope this make sense.
I am not familiar with Deepfreeze product. Can you explain how you use it in your environment (at a high level)?
Thank you for your response.
Deep Freeze is a product marketed by Faronics. Its allows us to 'freeze' our workstations, so that if someone makes any changes to it, they are lost when the workstation is rebooted. A workstation running with Deep Freeze enableb is said to be 'frozen.' This is a link to the Faronics Deep Freeze Web site: http://www.faronics.com/products/deep-freeze/enterprise/
I work in a school district, and we have the need to prevent students from constantly changing workstation desktops, installing programs, or deleting files. Deep Freeze is the answer we chose. If any changes are made to a frozen workstation, a simple reboot brings it back to a pristine state. We have also begun implementing McAfee Application Control (Solidcore) on a subset of frozen workstations as a test for a broader installation. For the most part, Solidcore is working great; however, we have come across the problem I outlined in my initial post--policies don't update properly on frozen workstations, even if we manually check for new policies and enforce policies. Our testing shows that they update properly on workstations that are not frozen--these being workstations that either do not have Deep Freeze installed or that have Deep Freeze installed but are in a 'thawed' state; that is, Deep Freeze is installed but not running.
The policy updates will require changes on 'Frozen' workstattion. From what I can gather, the affected files need to be in the 'Thaw' area or the policies should be applied when the machine is in 'thawed' state.
You can file a support case so that they can help you define these settings.
Thanks for the additional information.
Could you please tell me the names of the affected files and their locations, or is that something that I would have to ask if I open a support case? We're familiar with working with thaw spaces. We just need to know what to thaw.