
Solidified binaries can be deleted in Windows 7

Hello community,

I discovered a strange behaviour of Application Control.

On Windows 7 (x64) a newly solidified file can be deleted and an event (WRITE_DENIED) is generated.

On Windows XP (x86) the behaviour is different: the newly solidified file cannot be deleted.

It is also weird that the deletion on the Windows 7 system doesn’t work for Windows files (like wmplayer.exe). It only works with custom binaries.

McAfee Agent Version on both systems:
Application Control Version on both systems:

Step-by-step instructions to reproduce the issue:

- Activate Solidcore on Windows 7 (x64) system
- Copy any binary to that system
- Try to execute the binary => Execution denied
- Solidify this binary via CLI (sadmin so <Path of binary>)
- Try to execute the binary => Execution allowed
- Try to delete the binary => "WRITE_DENIED" event generated
- Windows UAC is asking you for administrator permission
- Continue with admin rights => the binary will be DELETED

Same issue with newer versions of Agent and AC

Is it a bug or a feature?