
Solidcore policy no enforce

Hello partners,

 

I'm doing a lab with Solidcore products to learn more. I have my ePO and the Solidcore extension and packages installed. I deployed the product on workstations and the "solidify" process went fine. I think the product is working, but I want to do something more "custom". I created a new policy based on application control rules. I put in a trusted user, and in executable files I banned the Opera installer by hash. If I configure a trusted user I can install new apps (even if that app is not on the whitelist). I think the policy doesn't work. I try to enforce it on the endpoint but that configuration is not working. I have attached some screenshots:

Opera banned by hash

executable.png

Executing the Opera installer (yes, it is blocked, but it is blocked because operasetup is not on the whitelist)

opera.png

As you can see, the trusted user doesn't appear on the list.

updaters.png

 

users.png

If I try to execute Wireshark, the same thing happens. I think if I have a trusted user I can execute anyway.

wireshark.png

Hostname of workstation

workstation.png

Am I doing something wrong?

3 Replies
BenEllis
McAfee Employee
Message 2 of 4

Re: Solidcore policy no enforce

Have you locked your CLI down? And then done a collect and send props?

 

In order for your machine to get policy from ePO, your CLI needs to be locked down.

If this doesn't work, then you need to troubleshoot your communication between MA and ePO.

McAfee Support

Benjamin Ellis

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Solidcore policy no enforce

Hello BenEllis,

Thank you. The trusted user is working now. I put it in lockdown. Now I have another question. What is the correct way to block a specific installer? I mean, if I want to block Opera, Wireshark and so on, but with a trusted user. Is that possible?

 

control rule.png

 

Kind regards.

BenEllis
McAfee Employee
Message 4 of 4

Re: Solidcore policy no enforce

So you can ban binaries by name and hash or by reputation.

Updaters will install unless you explicitly ban them.

 

Here is our documentation on how to configure package control feature for installers:

https://docs.mcafee.com/bundle/application-change-control-8.3.x-product-guide-windows/page/GUID-F79C...

 

Basically, for package control to work: 1. it must be defined in your policy; 2. it must be an updater to add/remove files.

 

 

 

McAfee Support

Benjamin Ellis
