cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
prasunthapa
Level 9
Report Inappropriate Content
Message 1 of 2
‎02-05-2018 06:25 PM

How to block application and allow only 10-15 Application

We have configured whilelist of 10-15 application and in our policy and applied on few test system. But when enabled mode is checked it allows all the applciation to run that are already preinstalled.

I ahve below query 

1.can we block all preinstalled apps and allow only selected application to execute.

2.Also can we place enable mode directly after fine tuning of policy is done.

3. Policy takes after system is solidified or without also it works.

0 Kudos
Reply
1 Reply
digualada
Level 9
Report Inappropriate Content
Message 2 of 2
‎02-06-2018 12:20 AM

Re: How to block application and allow only 10-15 Application

Hi @prasunthapa,

In Application Control whitelist is a "dynamic whitelist". It means you don't create the whitelist but it is created automatically when you deploy Application Control to your systems. After that you can create a black list for not allowed applications. The workflow is as follows:

  1. Deploy Solidcore and solidifie system.
  2. Whitelist is created automatically during solidification. All applications installed in the system during solidifiication are whitelisted. A whitelist is created PER SYSTEM, there isn't a global whitelist.
  3. In enable mode, only whitelisted applications can make changes in systems, any other will be blocked.
  4. In Observe mode, not whitelisted applications are allowed to make changes in the system and a request is created in "Policy discovery" page. There you can allow the change (application will be "whitelisted" or deny it. You have several options to do that.
  5. If you want block applications, you have to ban them one by one from inventory page of the system.

Regarding your third question, solidifying proccess starts automatically after enabling Application Control (not putting in Enabled mode, there is a subtle diference). When solidification proccess finishs Default policy for Application Control is applied (or a custom policy if you assigned it to the system). Then you can put yor system in "Observe Mode" or in "Enabled mode". I recommend you put it in "Observe mode" and approve or deny requests in "Policy discivery" page. After a period (days or even months), when there are almost no requests in "Policy discovery" page, you can put the system in "Enabled mode".

You can read best practices document for detailed information:

https://kc.mcafee.com/agent/index?page=content&id=PD26726&actp=null&viewlocale=en_US&showDraft=false...

Regards

David Igualada

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC