13 Replies Latest reply on May 30, 2014 4:31 PM by cupajotogo

    SolidCore features list

      Is there any document available explaining this solidcore features list? For example, antidos provides protection against repeated attacks from the same IP address. How about the other features? What is it for?

        • 1. Re: SolidCore features list

          There is no particular document as such. Please refer to Product Guide (release documents) to have an overview of solidcore features.

          • 2. Re: SolidCore features list

            I can explain a few off the top of my head.

             

            sadmin features list

             

            activex                        Enabled - Allow ActiveX control

            checksum                       Enabled

            deny-read                      Disable - Check for when a program reads something. - useful when you want to disable copying a file - causes a little more overhead

            deny-write                     Enabled - enabled by default - checks when a program writes

            discover-updaters              Enabled - I think it is used when you do a diagnostic scan to generate a list of recommended updaters

            enduser-notification           Enabled - Lets the user know when a block event happens; new to ver 6

            integrity                      Enabled

            mp                             Enabled - memory protection

            mp-nx                          Enabled

            network-tracking               Enabled

            pkg-ctrl                       Enabled

            script-auth                    Enabled

             

            Message was edited by: ungert on 4/13/12 7:58:47 AM CDT

             

            Message was edited by: ungert on 4/13/12 7:59:35 AM CDT

             

            Message was edited by: ungert on 4/13/12 8:06:52 AM CDT
            • 3. Re: SolidCore features list
              deepak_yadav

              These are very low-level primitives and cannot be referred to as features of the product to someone unfamiliar with the product. In fact, 99% of the customers never see/modify them.

               

              The best way to know more about Solidcore is through the McAfee website

               

              http://www.mcafee.com/in/products/application-control.aspx#=vtab-Benefits

               

              http://www.mcafee.com/in/products/change-control.aspx#=vtab-Benefits

              • 4. Re: SolidCore features list

                Building on what ungert already posted... a few that he left out:

                 

                checksum - This feature calculates the checksum of files in the inventory. The inventory is then cross referenced with those that are defined in the "binary" tab of the Rule Groups. Without the checksum feature you'll be unable to allow/ban based on checksum. You can still define Updaters and Trusted Directories though.

                 

                integrity - This is a protection feature that allows Solidcore to protect itself from tampering. This has nothing to do with File Integrity Monitor (FIM). If you know the VSE product then you can compare this to Access Protection for Solidcore (just not nearly as flexible).

                 

                mp-nx - This is specifically the No eXecute function of memory protection. NX is a feature of the physical processor that's primarily designed to forego buffer overflow exploits. mp-nx requires mp. You cannot enable mp-nx without having mp enabled.

                 

                pkg-ctrl - Package Control feature. Microsoft .msi packed files are not PE-32 or PE-64 therefore Solidcore doesn't identify these as executable. The pkg-ctrl feature was designed to fill this gap by shimming msiexec calls.

                 

                script-auth - Again, scripts aren't technically PE-32 or PE-64 executables. Script-auth interprets known script types and shims their execution to validate whether they are or aren't allowed. You can modify the known list of script extensions using sadmin scripts list. You can also add/remove to this list to customize the script-auth feature. See sadmin help scripts.

                 

                Message was edited by: peebee on 4/27/12 3:49:20 PM CDT
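
Added example, not part of any reply in this thread and not McAfee code: a small audit of `sadmin features list`-style output against the behaviour described in the replies above (including the rule that mp-nx requires mp). The sample listing, the expectation table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the listing quoted in this thread (mp turned off).
SAMPLE = """\
  checksum                       Enabled
  deny-read                      Disabled
  deny-write                     Enabled
  integrity                      Enabled
  mp                             Disabled
  mp-nx                          Enabled
  pkg-ctrl                       Enabled
  script-auth                    Disabled
"""

# Expectations taken from the replies in this thread, not from vendor docs.
EXPECT_ENABLED = {
    "checksum": "checksum-based allow/ban rules cannot be applied",
    "deny-write": "write checks are off (enabled by default)",
    "integrity": "Solidcore self-protection against tampering is off",
    "pkg-ctrl": ".msi packages are not checked",
    "script-auth": "script execution is not validated",
}
REQUIRES = {"mp-nx": "mp"}  # mp-nx cannot be enabled without mp
LINE = re.compile(r"^\s*([a-z][a-z0-9-]*)\s+(Enabled|Disabled?)\b", re.I)

def parse_features(text):
    """Return {feature: bool} from 'sadmin features list'-style text."""
    state = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # header lines and blank lines do not match and are skipped
            state[m.group(1).lower()] = m.group(2).lower() == "enabled"
    return state

def audit(state):
    """Return sorted findings for missing, disabled or inconsistent features."""
    findings = []
    for name, why in EXPECT_ENABLED.items():
        if name not in state:
            findings.append(f"{name}: not reported")
        elif not state[name]:
            findings.append(f"{name}: disabled, {why}")
    for child, parent in REQUIRES.items():
        if state.get(child) and not state.get(parent):
            findings.append(f"{child}: enabled but {parent} is not")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(parse_features(SAMPLE))))
```

The parser accepts both "Disabled" and the "Disable" spelling seen in the listing above, and ignores any trailing annotation after the state column.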
                • 5. Re: SolidCore features list
                  vfcw

                  How about the rest of the other features?

                  • 6. Re: SolidCore features list
                    jferretti90

                    I would really like to see this answered as well. I have read every scrap of documentation I can find as well as searched the forums. I have found that the documentation on the sadmin command seems to be incomplete.
                    The features in question for me are:

                    integrity

                    mon

                    mon-ads

                    mon-file

                    mon-fattr

                    mon-proc-exec

                    mon-reg

                    mon-uat

                    network-tracking

                    pkg-ctrl

                    popups

                    signing

                    signing-fic

                    ssl


                    If anyone can point me to documentation that defines these sadmin features, or can define them themselves, I would really appreciate it.

                     

                    on 4/19/13 10:14:48 AM CDT
                    • 7. Re: SolidCore features list
                      cupajotogo

                      This is probably a little late but there's a great thread that references these docs here: https://community.mcafee.com/thread/45516

                      Cheers,

                      cupajotogo

                      • 8. Re: SolidCore features list

                        This thread is over a year with no activity - why resurrect now?

                        • 9. Re: SolidCore features list
                          cupajotogo

                          I'm new to this scene so I certainly welcome any coaching you might have to offer. Not trying to resurrect anything but won't folks who are looking for answers still stumble across this unanswered thread? Thought I'd at least point them in the right direction.

                          Cheers,

                          cupajotogo
