elmere2
Level 7

Solidifier command line Application Control Questions

I'm in the midst of evaluating the Solidifier command line Application Control.

1. In the documentation

Only solidified code can run. Any code that is created or modified at run-time, after the solidification step completes is considered unauthorized and not allowed to run.

Scenario: I completely solidified drive C: and rebooted. Then I tried to run an executable file, but it ran smoothly. How does Solidifier work?

How can I block any new .exe, .dll and scripts?

2. Can I block any process using Solidifier?

Best Regards,

Ryl

2 Replies
Artfulbodger
Level 13

Re: Solidifier command line Application Control Questions

Hi

Application Control / Solidcore is based on a Trusted Source Model.

When a machine is set to Enabled, Solidcore scans the system for executable code and builds a dynamic whitelist based on what is present on the machine at the moment Solidcore is enabled. These whitelisted executables are permitted to run on the machine.

Updaters are a whole other subject, but that is the basics of the Solidcore product.

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO

Troja
Level 14

Re: Solidifier command line Application Control Questions

2. Can I block any process using Solidifier?

Hi Ryl, yes, this is the main goal of Application Control. After installing the product and solidifying the system, any executable code is protected from change. Also, if enabled, any change in memory is blocked.

Take a look at this thread for some technical background.

This means:

- if you copy a file onto the system, this file cannot be executed on the endpoint, because it is not on the internal whitelist

- if some "advanced thing" tries to change an application in memory, this is also blocked.

Finally, any executable code on your system is protected: it is allowed to run and is protected from any change.

To change your system in the future you have to define updaters, trusted users, installers and so on (based on the Trusted Source Model). You can call them all together "trusted updaters".

The benefit is, you don't have to specify which application is allowed to run; rather, you have to define how the system can be changed in the future (Dynamic Whitelisting).

If the system is changed by a trusted updater, any new executable code is automatically added to the internal whitelist and can be executed in the future.

Hope this helps,

Cheers

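As an added illustration of the dynamic-whitelisting behaviour Troja describes (a toy model written for this thread, not Solidcore's own code): the inventory taken at solidification becomes the whitelist, a file copied onto the box is not on it and cannot run, a non-updater write to solidified code is refused, and a trusted updater's writes extend the whitelist. The paths, the file contents and the choice of `msiexec.exe` as the trusted updater are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

def digest(data: bytes) -> str: return hashlib.sha256(data).hexdigest()

@dataclass
class Endpoint:
    """Toy endpoint: 'files' stands in for the disk (path -> bytes); not Solidcore code."""
    files: dict
    trusted_updaters: set = field(default_factory=set)
    whitelist: dict = field(default_factory=dict)  # path -> hash taken at solidification
    log: list = field(default_factory=list)

    def solidify(self) -> int:
        """Inventory every executable present right now; that inventory is the whitelist."""
        self.whitelist = {p: digest(b) for p, b in self.files.items()}
        return len(self.whitelist)

    def write(self, actor: str, path: str, data: bytes) -> bool:
        """Trusted updaters may add/change code and the whitelist follows them; anyone else
        cannot touch solidified code, and their new files land on disk unauthorized."""
        if actor in self.trusted_updaters:
            self.files[path] = data
            self.whitelist[path] = digest(data)
            self.log.append(f"ALLOW write {path} by {actor} (trusted updater)")
            return True
        if path in self.whitelist:
            self.log.append(f"DENY  write {path} by {actor} (solidified code)")
            return False
        self.files[path] = data
        self.log.append(f"NOTE  write {path} by {actor} (not whitelisted)")
        return True

    def execute(self, path: str) -> bool:
        """Run only if the file is whitelisted and its hash still matches the inventory."""
        data = self.files.get(path)
        ok = data is not None and self.whitelist.get(path) == digest(data)
        self.log.append(f"{'ALLOW' if ok else 'DENY '} exec  {path}")
        return ok

def demo() -> dict:
    # Constructed scenario: one solidified binary, one installer declared as trusted updater.
    ep = Endpoint(files={r"C:\Windows\notepad.exe": b"MZ notepad"}, trusted_updaters={"msiexec.exe"})
    ep.solidify()
    ep.write("explorer.exe", r"C:\Temp\dropped.exe", b"MZ dropped")                 # file copied onto the box
    tamper_ok = ep.write("explorer.exe", r"C:\Windows\notepad.exe", b"MZ patched")  # non-updater edit
    ep.write("msiexec.exe", r"C:\Program Files\App\app.exe", b"MZ app")             # trusted installer
    return {"baseline": ep.execute(r"C:\Windows\notepad.exe"),
            "copied": ep.execute(r"C:\Temp\dropped.exe"),
            "tamper_write_allowed": tamper_ok,
            "installed": ep.execute(r"C:\Program Files\App\app.exe")}
```

Printing `Endpoint.log` after `demo()` shows the allow/deny decisions in the order they were made.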