Rabee
Level 7
Message 1 of 6

solidcore not functioning properly in enabled mode

I've installed the Solidcore client on an endpoint and it worked fine. I took a hard disk image and restored it as part of testing, after which I had the issue. After restoration I tried to run a script not on the corporate whitelist, but execution was not denied. So I resolidified the volume in an attempt to solve the problem and tried to run the script, and this time it was denied as expected. However, after rebooting the machine I tried to run the script and execution was not denied, although Solidcore is in enabled mode. I would appreciate hearing from anyone who has faced a similar problem and found a solution.

5 Replies
muquit
McAfee Employee
Message 2 of 6

Re: solidcore not functioning properly in enabled mode

Hi,
I understand your concern. What do you see in the s3_daig.log? What is the execution reason given for the script?
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Muquit
Rabee
Level 7
Message 3 of 6

Re: solidcore not functioning properly in enabled mode

Hi Muquit,

Thank you for your reply. I tried to find the s3_daig.log on the client machine but I couldn't. The execution reason for the script is to test the functionality of solidcore. I am using this machine for testing and learning purposes. It is disconnected from the network and therefore can't communicate with ePo.

Best regards,

Rabee

muquit
McAfee Employee
Message 4 of 6

Re: solidcore not functioning properly in enabled mode

The s3diag.log will contain the information as to why something was allowed to execute or why it was blocked by solidcore. It should be under %Programdata% McAfee->Solidcore->Logs.

Thanks and regards,
Muquit
Rabee
Level 7
Message 5 of 6

Re: solidcore not functioning properly in enabled mode

Hi Muquit,

Thank you for your time.

When I create a new script while McAfee Solidifier is Enabled, I see the following in the s3_daig.log:

<FILE_CREATED file_name="C:\Users\administrator\Desktop\mytest.bat" pid="..." process_name="c:\windows\system32\cmd.exe" ppid="..." parent_process_name="c:\windows\explorer.exe" event_time="..." event_time_system="..." file_type="script" is_system_file="false" user_name="administrator" work_flow_id="UPDATER: explorer.exe" />
<FILE_MODIFIED file_name="C:\Users\administrator\Desktop\mytest.bat" pid="..." process_name="c:\windows\system32\cmd.exe" ppid="..." parent_process_name="c:\windows\explorer.exe" cksum="..." cksum256="..." event_time="..." event_time_system="..." file_type="script" is_system_file="false" user_name="administrator" work_flow_id="UPDATER: explorer.exe" />

and the file is added to the inventory!!

When I execute the command
sadmin ls | find /i "mytest.bat"

I get
c:\Users\administrator\Desktop\mytest.bat

When I execute the new script, I see the following in the s3_daig.log:

<PROCESS_CREATED file_name="C:\Windows\System32\ipconfig.exe" pid="..." process_name="c:\windows\system32\cmd.exe" ppid="..." parent_process_name="c:\windows\explorer.exe" cksum="..." cksum256="..." event_time="..." event_time_system="..." user_name="administrator" workflow_id="UPDATER: explorer.exe" />

Basically, McAfee Solidifier is acting as if it is in UPDATE mode while it is ENABLED!

Regards,

Rabee
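
Added example, not part of the original posts and not McAfee tooling: a small Python script that reads event lines in the shape quoted in Message 5 and groups every event whose workflow id begins with "UPDATER:" by the named updater, which is the comparison Rabee made by eye. The first three sample lines are constructed from the ones in the post (elided values kept as "..."), the fourth is an invented contrast line with no workflow id, and the attribute names are assumed to be exactly as shown in the post.

```python
import re
from collections import defaultdict

# Constructed sample: lines 1-3 follow the post, line 4 is an invented
# contrast line that carries no workflow id at all.
SAMPLE = r'''
<FILE_CREATED file_name="C:\Users\administrator\Desktop\mytest.bat" pid="..." process_name="c:\windows\system32\cmd.exe" parent_process_name="c:\windows\explorer.exe" file_type="script" user_name="administrator" work_flow_id="UPDATER: explorer.exe" />
<FILE_MODIFIED file_name="C:\Users\administrator\Desktop\mytest.bat" pid="..." process_name="c:\windows\system32\cmd.exe" cksum="..." file_type="script" user_name="administrator" work_flow_id="UPDATER: explorer.exe" />
<PROCESS_CREATED file_name="C:\Windows\System32\ipconfig.exe" pid="..." process_name="c:\windows\system32\cmd.exe" user_name="administrator" workflow_id="UPDATER: explorer.exe" />
<PROCESS_CREATED file_name="C:\Windows\System32\notepad.exe" pid="..." process_name="c:\windows\explorer.exe" user_name="administrator" />
'''

EVENT_RE = re.compile(r'<([A-Z_]+)\s+(.*?)\s*/>')
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_events(text):
    """Return (event_name, attributes) for every event element in the text."""
    return [(name, dict(ATTR_RE.findall(body)))
            for name, body in EVENT_RE.findall(text)]

def updater_of(attrs):
    """Name after 'UPDATER:' in the workflow id, or None if there is none."""
    # The quoted lines spell the attribute two ways; accept either.
    wf = attrs.get("workflow_id") or attrs.get("work_flow_id") or ""
    if wf.upper().startswith("UPDATER:"):
        return wf.split(":", 1)[1].strip().lower()
    return None

def updater_activity(events):
    """Map each updater name to the (event, file) pairs logged under it."""
    grouped = defaultdict(list)
    for name, attrs in events:
        updater = updater_of(attrs)
        if updater:
            grouped[updater].append((name, attrs.get("file_name", "").lower()))
    return dict(grouped)

def scripts_created_by_updaters(events):
    """Script files whose FILE_CREATED event ran under an updater workflow."""
    return sorted({a.get("file_name", "").lower() for n, a in events
                   if n == "FILE_CREATED" and a.get("file_type") == "script"
                   and updater_of(a)})

if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    for updater, items in updater_activity(evts).items():
        print(updater, len(items), "event(s)")
        for event, path in items:
            print("   ", event, path)
    print("scripts created under an updater:", scripts_created_by_updaters(evts))
```
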

Rabee
Level 7
Message 6 of 6

Re: solidcore not functioning properly in enabled mode

Dear Support Team

I appreciate your support to further investigate and troubleshoot the above issue with solidcore.

Thanks

Rabee
