6 Replies Latest reply on Apr 16, 2013 5:41 AM by sagarmc004

    Block an executable silently

    sagarmc004

      Hi,

       

      I want McAfee application control to block an executable( which is not under it's whitelist) silently. How to suppress the alerts in application control. I am using version 6.0.

       

      Regards,

      Sagar

        • 1. Re: Block an executable silently
          Rakesh Vyas

          sadmin features disable enduser-notification

          • 2. Re: Block an executable silently
            sagarmc004

            Rakesh, the above command is not working. I am getting "unknown feature, Ignoring" error from sadmin.

             

            Any idea why it is failing.

            • 3. Re: Block an executable silently
              Rakesh Vyas

              what's the version of solidcore

               

              sadmin version

               

              and output of

               

              sadmin features -d

              • 4. Re: Block an executable silently
                sagarmc004

                S3>sadmin version

                McAfee Solidifier

                Version 6.1.0-648

                 

                 

                 

                sadmin feature

                 

                  activex                        Enabled

                  anti-debugging                 Disabled

                  app-control                    Enabled

                  app-control-dsr                Enabled

                  app-control-installer-detect   Enabled

                  checksum                       Enabled

                  deny-exec                      Enabled

                  deny-exec-dlls                 Enabled

                  deny-exec-drivers              Enabled

                  deny-exec-exes                 Enabled

                  deny-exec-ads                  Enabled

                  deny-read                      Disabled

                  deny-write                     Enabled

                  discover-updaters              Enabled

                  integrity                      Enabled

                  mon                            Disabled

                  mon-ads                        Disabled*

                  mon-file                       Disabled*

                  mon-fattr                      Disabled*

                  mon-proc-exec                  Disabled

                  mon-reg                        Disabled*

                  mon-uat                        Disabled

                  mp                             Enabled

                  mp-casp                        Enabled

                  mp-mangling                    Disabled

                  mp-decoy                       Disabled*

                  mp-decoy-reorder               Disabled*

                  mp-syscall-bktrk               Disabled

                  mp-vasr                        Disabled

                  mp-vasr-randomization          Disabled

                  mp-vasr-rebasing               Disabled

                  mp-vasr-relocation             Disabled

                  network-tracking               Enabled

                  ob-logging                     Enabled

                  pkg-ctrl                       Enabled

                  pkg-ctrl-inf                   Disabled

                  popups                         Disabled

                  script-auth                    Enabled

                  signing                        Enabled

                  signing-fic                    Enabled

                 

                I just updated it to 6.1.

                • 5. Re: Block an executable silently
                  Rakesh Vyas

                  I guess you are talking about the windows popups that are poped up for blocking the execution of files. If yes, we can't supress them as its the windows functionallity.

                   

                   

                  In agents that are managed by ePO, we have a feature enduser-notification that generates solidcore popup (these popups are different then windows popup ). We can supress the popups caused by enduser-notification feature. 

                  • 6. Re: Block an executable silently
                    sagarmc004

                    Yes, I was talking about windows popups. Let me know if you come acroos any other solution for the same. Thanks a lot for the support.