Application Control / Solidcore is based on a Trusted Source Model.
When a Machine is set to Enabled, Solidcore scans the system for Executable code and builds a dynamic whitelist based on what is present on the machine at the moment Solidcore is Enabled. These whitelisted executables are permitted to run on the machine.
Updaters are a whole other subject, but those are the basics of the Solidcore product.
Certified McAfee Product Specialist - ePO
2. Can I block any process using Solidifier?
Hi Ryl, yes, this is the main goal of Application Control. After installing the product and solidifying the system, any executable code is protected from change. Also, if enabled, any change in the memory.
Take a look at this thread for some technical background: McAfee Application Control vs Microsoft AppLocker?
- if you copy a file on the system, this file could not be executed on the endpoint, because it is not located on the internal whitelist
- if some "advanced thing" tries to change an application in the memory this is also blocked.
Finally, any executable code on your system is protected, is allowed to run and is protected from any change.
To change your system in the future you have to define updaters, trusted users, installers and so on (based on the Trusted Source Model). You can call them all together "trusted updaters".
The benefit is, you don't have to specify which application is allowed to run; furthermore, you have to define how the system can be changed in the future (Dynamic Whitelisting).
If the system is changed by a trusted updater, any new executable code is automatically added to the internal whitelist and can be executed in the future.
Hope this helps,
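The behaviour described in the posts above, as a simplified Python model added here for illustration; it is not McAfee's implementation and not code from the thread. The `Endpoint` class, the file paths and the updater name `patch-agent` are hypothetical, and every file is treated as executable code.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Endpoint:
    """Simplified model: every file is treated as executable code."""

    def __init__(self, files):
        self.files = dict(files)   # path -> content (constructed sample data)
        self.whitelist = {}        # path -> SHA-256 recorded as trusted
        self.updaters = set()      # actors allowed to change the system
        self.enabled = False

    def solidify_and_enable(self):
        # Inventory whatever is present right now; that becomes the whitelist.
        self.whitelist = {p: digest(d) for p, d in self.files.items()}
        self.enabled = True

    def write(self, actor, path, data):
        trusted = actor in self.updaters
        if self.enabled and path in self.whitelist and not trusted:
            return False           # whitelisted code is protected from change
        self.files[path] = data
        if self.enabled and trusted:
            self.whitelist[path] = digest(data)   # dynamic whitelisting
        return True

    def can_execute(self, path):
        if path not in self.files:
            return False
        if not self.enabled:
            return True
        return self.whitelist.get(path) == digest(self.files[path])

def demo():
    ep = Endpoint({"C:/app/app.exe": b"v1"})
    ep.updaters.add("patch-agent")                 # hypothetical updater name
    ep.solidify_and_enable()
    results = {"present_at_enable": ep.can_execute("C:/app/app.exe")}
    ep.write("user", "C:/tmp/tool.exe", b"copied")
    results["copied_later"] = ep.can_execute("C:/tmp/tool.exe")
    results["tamper_allowed"] = ep.write("user", "C:/app/app.exe", b"patched")
    ep.write("patch-agent", "C:/app/app.exe", b"v2")
    ep.write("patch-agent", "C:/app/plugin.dll", b"new")
    results["updated_by_updater"] = ep.can_execute("C:/app/app.exe")
    results["added_by_updater"] = ep.can_execute("C:/app/plugin.dll")
    return results

if __name__ == "__main__":
    print(demo())
```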