We have several sites that use Solidcore for Application control. We are also using Panda Cloud Protection at these sites. SC is blocking signature updates to our AV, but not blocking the program itself from operating. Slowly but surely, all of our Panda sites are becoming more and more outdated. Panda still functions, but we cannot update it.
We have contacted Panda about the issue and here is their response:
Solidcore (Now known as Application Control) should have a set of exclusions for the auditing side of things. We (Panda) don’t have those lists and from what I remember there were specific issues with other A/V providers interacting with the solution. If I were you I would get with McAfee and ask for the list of exclusions for that particular product. The sig files are now cached in a folder, instead of a db. Let me see what I can find out about this. From what I have experienced with other clients that have had a similar situation, they had to create a script that ran daily to copy and replace the contents of the folder. I can tell you that all of the sig files are in the C:\Program Files\Panda Security\WAC\Cache folder.
Any help here is greatly appreciated.
Sorry, your Panda rep was wrong. McAfee won't have a list for you. If McAfee provided lists for certain vendors and then your enterprise had an outbreak that exploited vulnerabilities in that application, McAfee would be liable for not providing you accurate info... They are going to point you back to the vendor... and even then, if you were to successfully get a list from the vendor, there are some things you need to consider. The vendor has an application that they want not only to work correctly but also quickly (highest possible performance). I have received lists from vendors that say to pretty much exclude their entire application directory when in fact you don't need to do that in order for their app to work. If you want your app to work correctly while also employing the best security, you need to review the events this issue is generating. If MAC (Solidcore) is truly blocking the signature updates, there's more than likely an event generated. Understanding that event will help you build a Rule Set, Binary, or Updater (not an "Exclusion" per se - that's AV language) that will allow your daily sig to work correctly. If you're managing MAC on these endpoints from McAfee's ePO, it comes with default Rule Sets for their own AV product, VSE, and I bet if you review it you might figure out how to better configure your policies. Good luck!