web1b
Level 7

McAfee Application Control vs Microsoft AppLocker?


What are the benefits of McAfee Application Control vs using AppLocker?

0 Kudos
1 Solution

Accepted Solutions
Troja
Level 14

Re: McAfee Application Control vs Microsoft AppLocker?


Hi,

I do not know the Microsoft product. Perhaps these technical features help you to compare. :-)

Management Events  

• Application inventory in central Management available

   Complete file inventory of any managed systems visible

   File inventory by system visible

• Application classification in central Management (Infos from vendor e.g. known malicious applications)

  

Policies - Enforcement  

Execution of new files on endpoint can be blocked

Dynamically generated executables on endpoints can be blocked

Existing trusted executable code on endpoint is protected from modification or deletion


Policies - Approach  

• Policy enforcement is based on application information (Add Remove Programs). -> this is NOT the approach of the McAfee Product

This means the product uses this information for managing applications

• Each application must be allowed to be started.  -> benefit of McAfee, product uses Dynamic whitelisting

• Policy enforcement is based on executable code (executable files). -> regardless of the extension

   

Policies - Exclusions  

Exclusions based on named binary

• Application can be blocked

Exclusions based on application chain (e.g. App1.exe executed by App2.exe) 

Exclusions based on certificate

Exclusions based on username or usergroups 

Exclusions based on trusted directory 

Exclusions based on script-type 

  

Memory protection features available  

• Protecting non-code memory areas on 32-bit endpoints 

• Prevent code being run from non-executable memory regions (Windows DEP)

• Virtual Address Space Randomization (ASLR) protection for systems not supporting ASLR 

   Protection against ROP-based attacks

   Protection against return-oriented programmed exploits

   Protection against just-in-time compilation or JIT exploits

• Prevent code being run from non-executable memory regions (Windows DEP)

• Prevent unknown executables to be loaded to memory

   Prevent injecting unknown code into memory

User Interface  

• Self Approval for blocked applications 

   notification text can be modified

  

Supported environments  

32 and 64 Bit support 

Operating Systems support.

  

Self-protection: Administrative accounts on endpoint e.g. system account can be prevented from making any policy change.

• Product can be managed by CLI 

• CLI is protected by password or other protection feature 

This is only some technical background. If you compare the products from different vendors in detail you can see the real differences. Also tamper protection, visibility of events, deployment and so on can expand the list shown above.

We know how fast and easy product settings can be changed. Also a secure way to manage systems not connected to the corporate network. Managing events, User self approval and so on are often important things for an application control project.

Hope this helps,

Cheers
