5 Replies Latest reply on Oct 12, 2015 9:25 PM by aus_mick

    File extensions under whitelist

    sagarmc004

      I want to know which are the file extensions that are whitelisted by Solidcore.

       

      For example:  *.dll, *.exe, *.bat, *.vbs, *.ps1, *.com

       

      Please let me know if you guys have this list.

        • 1. Re: File extensions under whitelist
          Rakesh Vyas

          Binary file on windows follow PE32 or PE64 format. MAC identifies a file to be a PE32 or PE64 by reading the file header. User does not require to configure a PE32 or PE64 file as supported as MAC identifies it by reading the file header.

           

          Scripts do not execute on their own. Scripts are the files which are run by interpreters which interprets and execute the command/functions written in a script. MAC has a default set of scripts that are protected. User can view the scripts protected by default under 'sadmin scripts list' command.

           

          By default MAC supports and protects the following binaries and scripts:

          Binary: Portable executable 32-bit and 64-bit

          Scripts: bat, cmd, pif, sys, psm1. ps1, vbe, vbs, exe, wsh, wsf, and 16bit binaries

           

          How can I configure a file or extension of my choice to be supported and whitelisted by MAC?

           

          If the file to be configured is a PE32 or PE64, there is no need for an explicit configuration as MAC will identify the file type and protect it.

          If the file to be configured is not PE32 or PE64, 'sadmin scripts' command allows the user configure the file as supported based on file extension; 'sadmin scripts add '.

          e.g: Following command can be used to configure text files to be solidified and protected under default configuration:

          sadmin scripts add .txt notepad.exe

          sadmin scripts add .txt notepad.exe wordpad.exe textpad.exe

           

          where .txt is the extension for text files and notepad, wordpad, textpad are the interpreters for text files.

          • 2. Re: File extensions under whitelist
            sagarmc004

            Thank you Rakesh

            • 3. Re: File extensions under whitelist
              scarney

              I had one other question.  I discovered the sadmin scripts command by doing some Google'ing because we wanted it to protect jarfiles.  However, if you do sadmin help-advanced or sadmin help, the scripts command does not come up which makes my organization nervous about using it.  Is this an officially supported part of Solidifier?

               

              --

              Regards,

              Sandra Carney

              • 4. Re: File extensions under whitelist
                scarney

                OK,

                 

                I think I found the answer.  The v.6.1.0 Product guide discusses the 'sadmin scripts' command on pp. 45.

                • 5. Re: File extensions under whitelist
                  aus_mick

                  Rakesh,

                   

                  Great response, but going a step further is there anyway to prevent a file extension from being identified as a PE32-dll file and automatically added to the whitelist during solidification? We have a custom file type (.bcx extension) we don't want to be whitelisted as it cannot be executed by any means. We have a need to regularly update these file remotely so there isn't a process/program that we can set as an updater in this case. We also don't want to relax our policy and allocate trusted users as this has with it inherit risks.

                   

                  Appreciate any insight you might be able to provide.

                   

                  Regards,

                  Mick