1 Reply Latest reply on Sep 4, 2014 8:40 PM by vaidyanathan

    Security gap with binaries and updaters?

    jayeltee

      In reading my documentation on adding an updater, I came across two statements that seem contradictory.

      The first one is talking about what an Updater is and goes on to say "...in order to execute this program, it has to be present in the inventory either via the initial scan or given explicit authorization (vial allowed binary in the policy)."

       

      so I'm reading this to say add the exe as an updater AND a binary.

       

      Then I read this:

      "NOTE:  To avoid a security gap it is not recommended to have a file configured as an allowed binary and updater concurrently."

       

      What am I missing?  What's the security concern in having the exe added as both?

        • 1. Re: Security gap with binaries and updaters?
          vaidyanathan

          Hi,

           

          If I understand you question correctly, if an .exe can be configured as an allowed binary and as an updater as well are there any security risk right?

           

          As far as I know, if an .exe is already part of your whitelist why should that be configured as an allowed binary again?

           

          As per McAfee an .exe file which is already part of your whitelist can be configured as an updater (Eg. frameworkservice.exe -), check "Mcafee Applications (McAfee default)" policy.

           

          So for I have never come across a situation or necessity where an .exe has to be configured or defined as an allowed binary and updater as well. Could you please give me an example in your case.

           

          Thanks