There is no particular document as such. Please refer to Product Guide (release documents) to have an overview of solidcore features.
I can explain a few off the top of my head.
sadmin features list
activex Enabled - Allow ActiveX control
deny-read Disable - Check for when a program reads something . - useful when you want to disable copying a file - causes a little more overhead
deny-write Enabled - enabled by default - checks when a program writes
discover-updaters Enabled - I think it is used when you do a diagnostic scan to generate a list of recommended updaters
enduser-notification Enabled - Lets the user know when an block event happens new to ver 6
mp Enabled - memory protection
Message was edited by: ungert on 4/13/12 7:58:47 AM CDT
Message was edited by: ungert on 4/13/12 7:59:35 AM CDT
These are ver low level primitives and cannot be referred to as features of the product to someone unfamiliar with the product. Infact, 99% of the customers never see/modify them.
The best way to know more about Solidcore is thru McAfee website
Building on what ungert already posted... a few that he left out:
checksum - This feature calculates the checksum of files in the inventory. The inventory is then cross referenced with those that are defined in the "binary" tab of the Rule Groups. Without the checksum feature you'll be unable to allow/ban based on checksum. You can still define Updaters and Trusted Directories though.
integrity - This is a protection feature that allows Solidcore to protect itself from tampering. This has nothing to do with File Integrity Monitor (FIM). If you know the VSE product then you can compare this to Access Protection for Solidcore (just not nearly as flexible).
mp-nx - This is specifically the No eXecute function of memory protection. NX is a feature of the physical processor that's primarily designed to forego buffer overflow exploits. mp-nx requires mp. You cannot enable mp-nx without having mp enabled.
pkg-ctrl - Package Control feature. Microsoft .msi packed files are not PE-32 or PE-64 therefore Solidcore doesn't identify these as executable. The pkg-ctrl feature was designed to fill this gap by shimming msiexec calls.
script-auth - Again, scripts aren't technically PE-32 or PE-64 executables. Script-auth interprets known script types and shims their execution to validate whether they are or aren't allowed. You can modify the known list of script extensions using sadmin scripts list. You can also add/remove to this list to customize the script-auth feature. See sadmin help scripts.
How about the rest of the other features?
I would really like to see this asnwered as well. I have read ever scrap of documentation I can find as well as searched the forums. I have found that the documentation on the sadmin command seems to be incomplete.
The features in questions for me are:
If anyone can point me to documentation that defines these sadmin features, or can define them themself, I would really appreciate it.
This thread is over a year with no activity - why resurrect now?
I'm new to this scene so I certainly welcome any coaching you might have to offer. Not trying to resurrect anything but won't folks who are looking for answers still stumble across this unanswered thread? Thought I'd at least point them in the right direction.