cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 9

"test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

Hi There,

application control 8.2.1/ Win7 64bit/ ePO managed env

New to application control... I have deployed application control and enabled it. then i create a test batch script and try to run it, of course it's blocked, but may i know how to create bypass policy for this specific file?

As per the alert, seems I have to solidify it, am i understanding correctly?

I tried to run the client task "SC: Run Commands"-> enter the command(no quotes) 'sadmin solidify C:\Users\vadmin\Desktop\test.bat', I saw the task finished successfully but I was still not able to get the test.bat running... am I missing something?

1 Solution

Accepted Solutions
Highlighted
Former Member
Not applicable
Report Inappropriate Content
Message 7 of 9

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

Not sure why.. but it's working fine now. thanks everyone.

View solution in original post

8 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

Hi,

Yes your understanding is correct.

If after executing 'sadmin solidify C:\Users\vadmin\Desktop\test.bat' , the file from same path is not executing, get us the error you observe.

 

We solidify files on path basis, so execution of file should be from path with which it was solidified.

Regards

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 9

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

@gnautiya @Mick-JP , Thanks for the helping here. local CLI is lockedown. more details please check below:

Execute SC command from client task:

Snipaste_2020-03-03_10-40-24.png

The task is ran and freed:

Snipaste_2020-03-03_10-41-59.png

Try to execute test.bat and it's still blocked:

Snipaste_2020-03-03_10-43-35.png

Highlighted

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

Thanks for more information.

Could you upload solidcore.log?

solidcpore.log is in C:\ProgramData\McAfee\Solidcore

Highlighted
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 9

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

@Mick-JP 

Attached, kindly please help check it.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

Hi,

Kindly try solidifying the test.bat from client task using the following command:

"so C:\Users\vadmin\Desktop\test.bat" , and try execution after this runs.

 

if than also you get error, then try by running command:

"auth -ac 0d37226567f25453b1e940f94b13074bd4fe3526" and then try execution of same file.

 

Regards

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted
Former Member
Not applicable
Report Inappropriate Content
Message 7 of 9

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

Not sure why.. but it's working fine now. thanks everyone.

View solution in original post

Highlighted

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

Nice to hear working fine.

I checked your solidcore.log but didn't run sadmin solidify that time.

your log ---

U.0828.5656: Mar 03 2020:10:40:20.618:   SYSTEM: mapl_tasks.cpp: 1676: sadmin_handler cmd [sadmin solidify C:\Users\vadmin\Desktop\test.bat]

normal log ---

U.1316.2564: Mar 03 2020:14:39:26.585:   SYSTEM: mapl_tasks.cpp: 1676: sadmin_handler cmd [sadmin so C:\Users\admin\Desktop\test.bat]
U.1316.1756: Mar 03 2020:14:39:26.585:   SYSTEM: mapl_tasks.cpp: 1936: sadmin handler executing [sadmin so C:\Users\admin\Desktop\test.bat]
U.1316.1600: Mar 03 2020:14:39:28.020:   SYSTEM: cmdi_process.c:  845: Command 'sadmin so C:\Users\admin\Desktop\test.bat' returned 0: Success

I don't know why it's occur. But its okay you ware success 🙂

Highlighted

Re: "test.bat" is not on corporate whitelist and will note be allowed to run

Jump to solution

Probably, your Local CLI Access is "Recovered". Recovered CLI mode will refuse sadmin command from ePO. Check your CLI mode on command prompt using "sadmin status" on your PC.

If CLI mode is "Recovered", you have to Lockdown first.

  1. ePO > System Tree(or System) > Check client PC's name > Actions > Agent > Run Client Task Now
  2. Solidcore x.x.x > SC: Change Local CLI Access > Create New Task
  3. Select Restrict and Run Task Now and wait several seconds to do command on your PC

After Lockdown, please try "sadmin so <Path>" again.

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community