Infecting a Solidified System


Hi,

I have a weird requirement here. We want to solidify an XP system and we are not going to install any antivirus program (we hope that solidifier will not allow any malicious code to run).

If anyone deploys a virus or a rootkit into this solidified system, what are the chances of this rootkit or virus infecting the system when the solidifier status is changed to disabled or update mode?

How does solidifier protect the system when it is disabled or set to update mode?

Regards,
Sagar

1 Solution

Accepted Solutions
Message 2 of 6

Re: Infecting a Solidified System


Any file added to the system in update will compromise the system.

Any file added in observe mode could compromise the system if it is added to the whitelist.

Although the product guide says otherwise, you should never go into update mode while in production. You could go to observe mode in production, but pull inventory, do an image deviation against the gold image, then add to the whitelist if you can confirm the added files are legit.

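The image deviation check described in the accepted answer, as an added example that is not part of the original post and not McAfee tooling: it hashes executable files under a copy of the gold image and under the live system, reports what differs, and releases for whitelisting only files whose hash a reviewer has approved. The extension list, directory arguments and function names are assumptions.

```python
import hashlib
import os

# Assumption: file types treated as executable content that needs review.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".vbs", ".js"}

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def inventory(root):
    """Map relative path -> SHA-256 for executable files under root.
    Paths are lower-cased because Windows file names are case-insensitive."""
    inv = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
                inv[rel] = sha256_file(full)
    return inv

def deviation(gold, current):
    """Files that are new, changed or missing relative to the gold image."""
    return {
        "added": sorted(p for p in current if p not in gold),
        "modified": sorted(p for p in current if p in gold and current[p] != gold[p]),
        "removed": sorted(p for p in gold if p not in current),
    }

def review(report, current, approved_hashes):
    """Split deviations into (safe to whitelist, held for investigation).
    Approval is bound to the content hash, not to the path."""
    pending = report["added"] + report["modified"]
    ok = [p for p in pending if current[p] in approved_hashes]
    held = [p for p in pending if current[p] not in approved_hashes]
    return ok, held

if __name__ == "__main__":
    import sys
    # Usage (hypothetical paths): script.py <gold_image_dir> <live_system_dir>
    gold, current = inventory(sys.argv[1]), inventory(sys.argv[2])
    for kind, paths in deviation(gold, current).items():
        for p in paths:
            print(f"{kind:9} {p}")
```
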

5 Replies

Re: Infecting a Solidified System


What happens when Solidifier is disabled? Can the system be compromised?


Re: Infecting a Solidified System


Yes.  Disabled is just what it sounds like, disabled.


Re: Infecting a Solidified System


I would still have VirusScan installed on the system. If performance is a concern, you could disable VirusScan on-access while enabled, then enable it before going into update/observe mode. This could be done as a policy assignment rule. Normal config has a 'scan nothing' VirusScan policy, tagged for update mode enables update mode and enforces a full VirusScan On-access policy. Having Application Control in update mode is little to no protection with logging enabled, which would make me uncomfortable.

Message 6 of 6

Re: Infecting a Solidified System


I agree with Eric. I would still have VSE on the machine, because just because a system is Solidified does not mean I can't put malware on the system; it just won't run until solidified.

For example, if you have malware on a Solidified system but the malware is not Solidified and there is a known signature, you could do a full scan to quarantine the malware.

Yes, because disabled means not protecting; it would be like not having Solidcore on the machine.
