cancel
Showing results for 
Search instead for 
Did you mean: 

Best Practice for allowing a scantool in solidcore

Jump to solution

Hi All,

I have a memory and file vunerability scanner that is essentially a python packaged executable that when runs drops a log file in its folder.

Safe to give updater priviledges to the executable? or is it better practice to whitelist the executable/python.dll file seperately?

What do you think?


Regards

Aaron

1 Solution

Accepted Solutions
McAfee Employee BEllis
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Best Practice for allowing a scantool in solidcore

Jump to solution

If it just drops a log file you dont really need updater permissions. Does it do anything else?

You only need to give it updater permissions if it needs to modify solidified files.. (Create/modify/delete)

Have you tried running it just being solidified?

 

McAfee Support

Benjamin Ellis

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

5 Replies
McAfee Employee BEllis
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Best Practice for allowing a scantool in solidcore

Jump to solution

If it just drops a log file you dont really need updater permissions. Does it do anything else?

You only need to give it updater permissions if it needs to modify solidified files.. (Create/modify/delete)

Have you tried running it just being solidified?

 

McAfee Support

Benjamin Ellis

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: Best Practice for allowing a scantool in solidcore

Jump to solution

Thanks for your reply,

The file itself its not solidified but everything else on the system is.

if i whitelist just the executable the next block is a python.dll file it attempts to run.

Im guessing the executable extracts this dll to a temp folder to run.

 

Should i just keep adding executables/dlls in the executable whitelist until it runs without issue?

McAfee Employee gnautiya
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Best Practice for allowing a scantool in solidcore

Jump to solution

Hi,

If you observe that there are dll's being extracted in temp fodler and then tried to be laoded, it is more than one ,In That case good idea is to mark your application as an updater by its hash value.

 

Regards

Garima

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: Best Practice for allowing a scantool in solidcore

Jump to solution
I don't understand what is happening.
McAfee Employee gnautiya
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Best Practice for allowing a scantool in solidcore

Jump to solution

In this case, Kindly provide us the debug logs:

 

you can get them within "c:\programdata\McAfee\Solidcore\Logs"

 

Looking into logs, we can help you create right set of policy.

 

Regards

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community