3 Replies Latest reply on Jul 2, 2013 9:41 AM by Regis

    App Control, Win7 in ESX/vSphere - anyone using? Success? Or abject pain?


      I'm currently evaluating Application Control/SolidCore 6.1.0 for a client and running into an issue that neither the SE nor the assigned 2nd tier support person seems to have seen before. 3rd tier seemed rather stumped too, but we at least narrowed it down to a confluence of pkg-ctrl and MP-nx features conspiring to create the misery.


      The issue: attempting to run cmd.exe results in either

      • NX protection preventing it from running... (C:\Windows\System32\cmd.exe NX_VIOLATION_DETECTED "McAfee Application Control prevented an attempt to hijack the process by executing code from writable memory area. To permit execution of the process, define a policy with the relevant rules.")
      • or, in the best case (in observation mode, or if cmd.exe is added to an exception list (sadmin attr add -ncmd.exe with the CLI unlocked)), cmd.exe then simply crashes.


      Unfortunately, I'm seeing this on 2 out of 2 Win7 VMs I've deployed the product to.

      I have so far pushed the agent to one other Windows 7 box, a physical hardware box... and it is in observation mode and running as you'd expect.

      There are 2 XP boxes as part of the test group that are also not giving any surprises.


      After about 2 hours of work with tier 3 we isolated down a workaround... disabling pkg-ctrl feature and adding cmd.exe as an exception to the MP-nx rules would allow cmd.exe to both not get blocked by solidcore's NX protection, but also not crash. 


      I'm not looking for a fix so much as at least some confidence there are some vSphere environments out there with Win7 desktops deployed into them running this with any level of success. Right now my assumption is suddenly a horrified "maybe not?"


      Thanks in advance for any insights or experience.


      on 6/4/13 3:04:47 PM CDT