cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to Whitelist though Policy

Hello, I am in the process of whitelisting my systems but am having trouble in understanding how the whitelist is created and enforced through policy. Through what I have read in the docs, I have deployed Solidcore with the license, run the SC Enable task with Application Control Enabled, and have pulled an inventory from a test system. I can specify malicious files from that inventory and block them easily enough but I am confused on how this translates into the solidcore policy.

From my understanding, you should deploy solidcore, create a whitelist, create a policy based off of the whitelist, and enforce from there. Is this correct? If so how do I translate the initial inventory results into a policy that I can deploy onto multiple systems. If I am incorrect, please clarify me. I have tried looking through the docs but there is extremely little information on managing Solidcore through EPO; it only specifies tasks through Sadmin which isn't an option in my environment.

3 Replies
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: How to Whitelist though Policy

Hi @Tredmond7511,

Thank you for your post. The explanation on inventory/Whitelist collected is provided in the below link:

https://docs.mcafee.com/bundle/application-change-control-8.3.x-product-guide-windows/page/GUID-DE2E...

In very simple terms, When you install MACC client, and send the SC Enable task, essentially, you get the collection of inventory back to you, at the same time, the endpoint has a local copy of it which it uses to ensure NO OTHER APPLICATIONS apart from those mentioned in the list are able to run when you switch Application Control to "Enabled" mode. The Application Control policies would come in handy here when you wish to allow something that is not a part of the whitelist or would usually be blocked by Application control in enabled mode unless you explicitly exclude the file or action.

I sincerely hope this helps.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: How to Whitelist though Policy

Thank you for the help; what you said cleared up most of my confusion. I just have a couple more questions. Is there a way to use a known good whitelist created for one endpoint and use it as a template for all related endpoints? Or do I have to create an individual whitelist for each endpoint using the SC Enable task?

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: How to Whitelist though Policy

Hi @Tredmond7511,

Thank you for your kind response.

I am afraid we cannot use a common whitelist as such. Each endpoint, rather, each Drive within each endpoint develops a set of white list for all the PE and script files present within the driver and hence they cannot be used across multiple drives or endpoint.

Each endpoint must go through their individual solidification process and will gather their own inventory as needed. Here is a previous post from community that explains this in detail:

https://community.mcafee.com/t5/Application-and-Change-Control/Copying-Solidcore-whitelist-between-s...

I sincerely hope this is helpful in clarifying your query.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community