I have a great issue with Application control, but only on 1 PC...
The PC is in observe mode and when I search in windows explorer or Search program or files of windows start the application control blocks for example some process or files located in Windows System 32... SearchIndexer.exe,conhost.exe,sniping tool and more and more ..... I change the status to Enabled with same results... at the end I the only way was change the pc status to Update Mode.
check this.... all service, file or process in system32 is Execution Denied .... this is very uncomfortable for the end user.
the endpoint is "normal" only when his status is UPDATE
Please check if your endpoint whitelist is complete. Was your system in disabled mode at any point of time before you put it in observation or enabled mode?
I dont know exactly what is the Endpoint Whitelist... I work with a global SolidCore Rules and the others systems work normally... only in this system is the problem,...
About the installation of solidcore in the endpoints, this is my method:
1. Install the application - Limited Feature and State is Disable
2. Restart the system - Now the state is Observe and Full Feature activation
3. Change the state Observe to Enable....
Work fine almost ever... but in this case application control deny simple and common process like a search in windows etc.
Please check in "System Tree" view, if the "Solidification status" for this endpoint shows "Solidfied". If not, you will need to run "Create initial whitelist" task on this endpoint.
The Product Guide (http://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/2 4000/PD24209/en_US/...) have detailed steps on how to check this.
If you still have questions, please file a support case through Mcafee portal.
This task is not valid for this version of solidifier. --> Create Initial WL ...
the value of Solidification Status ...
the same value for the others endpoints, not appear nothing.