McAfee® Solidifier Command Line Reference Guide (for ... · McAfee Technical Support and Maintenance Terms. i) “Updates” are related to content and include without limitation

McAfee, Inc. McAfee® Solidifier for HP-UX - Installation Guide

ii

Solidifier Application Control 6.0.0

Command Line Reference Guide

McAfee, Inc. Solidifier Command Line Reference Guide (for Application Control)

End User License Agreement

BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, OR USING THIS SOFTWARE YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF ANOTHER PERSON OR A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON, COMPANY, OR LEGAL ENTITY TO THESE TERMS.

IF YOU DO NOT AGREE TO THESE TERMS;

DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, OR USE THE SOFTWARE; AND

PROMPTLY RETURN THE SOFTWARE AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM YOU ACQUIRED THEM

1) Definitions.

a) “Authorized Partner” means any of McAfee‟s

distributors, resellers or other business partners.

b) “Grant Letter” means a confirmation notice

letter issued electronically by McAfee to you

confirming Software and Support purchased by

you including the applicable product entitlement,

as defined in the Product Entitlement Definitions

(further described at Section 3(a) below) and also

contains download details.

c) “Documentation” means explanatory materials in

printed, electronic, or online form accompanying

the Software in English and other languages if

available.

d) “McAfee” means (a) McAfee, Inc., a Delaware

corporation, with offices located at 3965

Freedom Circle, Santa Clara, California 95054,

USA if the Software is purchased in the United

States, Mexico, Central America, South America,

or the Caribbean; (b) McAfee Ireland Limited,

with offices located at McAfee Ireland Ltd,

Building 2000, City Gate, Mahon, Cork, Ireland,

if the Software is purchased in Canada, Europe,

the Middle East, Africa, Asia (other than Japan),

or Oceania ; and (c) McAfee Co., Ltd. with

offices located at Shibuya Mark City West

Building 12-1, Dogenzaka 1-Chome, Shibuya-

ku, Tokyo 150-0043, Japan if the Software is

purchased in Japan.

e) “Node” means any kind of device capable of

processing data and includes any of the following

types of computer devices: diskless workstations,

personal computer workstations, networked

computer workstations, homeworker/teleworker

home-based systems, file and print servers, email

servers, Internet gateway devices, storage area

network servers (SANS), terminal servers, or

portable workstations connected or connecting to

the server(s) or network.

f) “Software” means each McAfee software

program in object code format licensed by

McAfee and purchased from McAfee or its

Authorized Partners, including Upgrades.

g) “Subsidiary” refers to any entity controlled by

you through greater than fifty percent (50%)

ownership of the voting securities.

h) “Support” or “Technical Support” means the

support services offered by McAfee for the

support and maintenance of the Software and

McAfee brand hardware further specified in the

McAfee Technical Support and Maintenance

Terms.

i) “Updates” are related to content and include

without limitation all DATs, signature sets,

policy updates, database updates for the Software

which are made generally available to McAfee‟s

customer base as a part of purchased Support and

which are not separately priced or marketed by

McAfee.

j) “Upgrade” means any and all improvements in

the Software which are made generally available

to McAfee‟s customer base as a part of

purchased Support and which are not separately

priced or marketed by McAfee.

2) License Grant.

Subject to the terms and conditions of this

Agreement, McAfee hereby grants to you a

non-exclusive, non-transferable right to use

the Software (for the purpose of this

Agreement, use of the Software means to

access, install, download, copy or otherwise

benefit from using the Software) listed in the

Grant Letter solely for your own internal

business operations. You acknowledge that

the Software and all related information are

proprietary to McAfee and its suppliers. You

are not granted rights to Updates and

Upgrades unless you have purchased Support

or a service subscription.

3) Copy and Use terms

a) Product entitlement. The use of the Software

depends on the licenses purchased (e.g. Nodes)

and is subject to the Product Entitlement

Definitions set forth at

http://www.mcafee.com/us/local_content/legal/pr

oduct_entitlement_definitions.pdf on the

applicable date of your Grant Letter.

b) Multiple platforms/ Bundles. If the Software

supports multiple platforms or if you receive the

Software bundled with other software, the total

number of devices on which all versions of the

Software is installed may not exceed your

product entitlement.

c) Term. The license is effective for a limited time

period (“Term”) in the event that such Term is

set forth in the Grant Letter, otherwise the

licenses shall be perpetual.

d) Copies. You may copy the Software as

reasonably necessary for backup, archival or

disaster recovery purposes.

e) Subsidiaries. You may permit use of the

Software in accordance with the terms of this

Agreement by a Subsidiary only for so long as

such entity remains your Subsidiary. You shall

be responsible and fully liable for each

Subsidiary‟s compliance with or breach of the

terms of this Agreement.

f) Managing Party. If you enter into a contract with

a third party in which the third party manages

your information technology resources

(“Managing Party”), you may transfer all your

rights to use the Software to such Managing

Party, provided that (a) the Managing Party only

uses the Software for your internal operations

and not for the benefit of another third party or

the Managing Party; (b) the Managing Party

agrees to comply with the terms and conditions

of this Agreement, and (c) you provide McAfee

with written notice that a Managing Party will be

Using the Software on your behalf.

g) General Restrictions. You may not, nor allow

any third party to: (i) decompile, disassemble, or

reverse engineer the Software, except to the

extent expressly permitted by applicable law,

without McAfee‟s prior written consent; (ii)

remove any product identification or proprietary

rights notices of the Software or Documentation;

(iii) lease, lend, or use the Software for

timesharing or service bureau purposes; (iv)

modify or create derivative works of the

Software, (v) except with McAfee‟s prior written

permission, publish any performance or

benchmark tests or analysis relating to the

Software; or (vi) otherwise use or copy the

Software except as expressly provided herein.

4) Technical Support and Maintenance.

The McAfee Technical Support and Maintenance Terms

apply if you have purchased Support. The McAfee

Technical Support and Maintenance Terms are

incorporated by reference and can be found at

http://www.mcafee.com/us/support/support_terms_n_con

ditions.html. After the support or service subscription

period specified in a Grant Letter has expired, you have

no further rights to receive any Support including

Upgrades, Updates, and telephone support.

5) Limited Warranty and Disclaimer.

a) Limited Warranty. McAfee warrants that, for a

period of sixty (60) days from the purchase date

(“Warranty Period”), the Software licensed

hereunder (including Upgrades provided within

the Warranty Period for the remainder of the

Warranty Period) will perform substantially in

accordance with the Documentation.

b) Exclusive Remedy. In case of any breach of the

above limited warranty, McAfee will (a) repair or

replace the Software or (b) if such repair or

replacement would in McAfee‟s opinion be

commercially unreasonable, refund the price paid

by you for the applicable Software.

c) Exclusion of Warranty. The above Limited

Warranty will not apply if: (i) the Software is

not used in accordance with this Agreement or

the Documentation; (ii) the Software or any part

thereof has been modified by any entity other

than McAfee; or (iii) a malfunction in the

Software has been caused by any equipment or

software not supplied by McAfee.

d) Disclaimer. THE ABOVE WARRANTIES ARE

YOUR EXCLUSIVE WARRANTIES AND

REPLACE ALL OTHER WARRANTIES OR

CONDITIONS, EXPRESS OR IMPLIED,

INCLUDING BUT NOT LIMITED TO

WARRANTIES OR CONDITIONS OF

MERCHANTABILITY, SATISFACTORY

QUALITY, FITNESS FOR A PARTICULAR

PURPOSE, TITLE AND NON-

INFRINGEMENT. EXCEPT FOR THE

LIMITED WARRANTY SET FORTH ABOVE,

THE SOFTWARE IS PROVIDED "AS IS"

AND MCAFEE MAKES NO WARRANTY OR

GUARANTEE AS TO ITS USE OR

PERFORMANCE AND DOES NOT

WARRANT OR GUARANTEE THAT THE

OPERATION OF THE SOFTWARE WILL BE

FAIL SAFE, UNINTERRUPTED OR FREE

FROM ERRORS OR DEFECTS OR THAT

THE SOFTWARE WILL PROTECT AGAINST

ALL POSSIBLE THREATS.

e) Exceptions. Some states or jurisdictions do not

allow the exclusion of express or implied

warranties, so the above disclaimer may not

apply to you. IN THAT EVENT SUCH

EXPRESS OR IMPLIED WARRANTIES

SHALL BE LIMITED IN DURATION TO THE

WARRANTY PERIOD (OR THE MINIMUM

PERIOD REQUIRED BY THE APPLICABLE

LAW).

6) Limitation of Remedies and Damages

UNDER NO CIRCUMSTANCES AND

UNDER NO LEGAL THEORY, WHETHER

IN TORT, CONTRACT OR OTHERWISE,

SHALL EITHER PARTY BE LIABLE TO

THE OTHER FOR ANY INDIRECT,

SPECIAL, INCIDENTAL OR

CONSEQUENTIAL DAMAGES,

DAMAGES FOR LOSS OF PROFITS, LOSS

OF GOODWILL, LOSS OF PERSONNEL

SALARIES, WORK STOPPAGE, AND/OR

COMPUTER FAILURE OR

MALFUNCTION, AND/OR COSTS OF

PROCURING SUBSTITUTE SOFTWARE

OR SERVICES.

Regardless of whether the claim for such damages

is based in contract, tort and/or any other legal

theory, in no event shall either party‟s aggregate

liability to the other party for direct damages exceed

the lesser of:

http://www.mcafee.com/us/local_content/legal/product_entitlement_definitions.pdf

http://www.mcafee.com/us/local_content/legal/product_entitlement_definitions.pdf

http://www.mcafee.com/us/support/support_terms_n_conditions.html

http://www.mcafee.com/us/support/support_terms_n_conditions.html


a) the amount of total fees paid or payable by you for

the Software giving rise to such claim during the 12

months immediately preceding the event giving rise

to such claim, or

b) the applicable McAfee list price, at the date of the

purchase, for the Software giving rise to such claim

ordered by you during the 12 months immediately

preceding the event giving rise to such claim, even

if the other party has been advised of the possibility

of such damages.

No provision of this Agreement shall exclude or limit in

any way (i) the liability of either party for death or

personal injury caused by negligence, or (ii) your liability

for excess usage of, and/or any breach of McAfee‟s

intellectual property rights in the Software.

THE LIMITATION OF LIABILITY IN THIS SECTION

IS BASED ON THE FACT THAT END USERS USE

THEIR COMPUTERS FOR DIFFERENT PURPOSES.

THEREFORE, ONLY YOU CAN IMPLEMENT BACK-

UP PLANS AND SAFEGUARDS APPROPRIATE TO

YOUR NEEDS IN THE EVENT AN ERROR IN THE

SOFTWARE CAUSES COMPUTER PROBLEMS AND

RELATED DATA LOSSES. FOR THESE BUSINESS

REASONS YOU AGREE TO THE LIMITATIONS OF

LIABILITY IN THIS SECTION AND

ACKNOWLEDGE THAT WITHOUT YOUR

AGREEMENT TO THIS PROVISION, THE FEE

CHARGED FOR THIS SOFTWARE WOULD BE

HIGHER.

7) Intellectual Property Indemnity

a) Third party claims. McAfee shall defend and

hold you harmless from any claim by a third

party that the Software infringes any patent,

copyright or trade secret of that third party,

provided: (i) McAfee is notified promptly, and

in any event no later than within 14 days upon

your receipt of notice of the claim; (ii) McAfee

receives reasonable cooperation from you

necessary to perform McAfee‟s obligations

hereunder; and (iii) McAfee has sole control over

the defense and all negotiations for a settlement

or compromise of the claim. The foregoing

obligation of McAfee does not apply with respect

to Software or portions or components thereof:

(i) not supplied by McAfee; (ii) used in a manner

not expressly authorized by this Agreement or

the relevant Documentation (iii) made in

accordance with your specifications; (iv)

modified by anyone other than McAfee, if the

alleged infringement relates to such

modification; (v) combined with other products,

processes or materials where the alleged

infringement would not exist but for such

combination; or (vi) where you continue the

allegedly infringing activity after being notified

thereof and provided with modifications that

would have avoided the alleged infringement.

b) Remedy and Liability. In the event the Software

is held by a court of competent jurisdiction to

constitute an infringement or use of the Software

is enjoined, McAfee shall, at its sole option, do

one of the following: (i) procure for you the

right to continue use of the Software; (ii) provide

a modification to the Software so that its use

becomes non-infringing; (iii) replace the

Software with software which is substantially

similar in functionality and performance; or (iv)

if none of the foregoing alternatives is reasonably

available to McAfee, McAfee shall refund the

residual value of the purchase price paid by you

for the infringing Software, depreciated using a

straight line method of depreciation over a three

(3) year period from the date of delivery of the

Software to you. This Section 7 states McAfee‟s

sole liability and your exclusive remedy for

intellectual property infringement claims.

8) Termination

Without prejudice to your payment

obligations, you may terminate your license at

any time by de-installing the Software.

McAfee may terminate your license in the

event you materially breach the terms of this

Agreement and you fail to cure such breach

within thirty (30) days of receiving notice of

such breach. Upon such termination you shall

promptly return or destroy all copies of the

Software and Documentation.

9) Additional Terms.

a) Evaluation Software. If the Software has been

identified as “Evaluation Software”, then the

provisions of this section apply and shall

supersede any other conflicting term of this

agreement. Your royalty free, non-transferable,

limited license to use the Evaluation Software,

for evaluation purposes only, is limited to thirty

(30) days unless otherwise agreed to in writing

by McAfee. The Evaluation Software may

contain errors or other problems that could cause

system or other failures and data loss.

Consequently, Evaluation Software is provided

to you "AS-IS", and McAfee disclaims any

warranty or liability obligations to you of any

kind. Any information about the Evaluation

Software gathered from its use shall be used

solely for evaluation purposes only and shall not

be provided to any third parties. The restrictions

described in Section 3 g) apply. If you fail to

destroy the Evaluation Software after the

evaluation period has expired, McAfee may, at

its discretion, invoice you in an amount equal to

the McAfee List Price for the Evaluation

Software and you shall pay such invoice upon

receipt. WHERE LEGAL LIABILITY

CANNOT BE EXCLUDED, BUT MAY BE

LIMITED, MCAFEE‟S LIABILITY AND

THAT OF ITS SUPPLIERS AND

AUTHORIZED PARTNERS SHALL BE

LIMITED TO THE SUM OF FIFTY (50)

DOLLARS OR THE EQUIVALENT IN

LOCAL CURRENCY IN TOTAL.

b) Beta Software. If the Software you have

received has been identified “Beta” Software,

then the provisions of Section 9 a above shall

apply accordingly. McAfee has no obligation to

you to further develop or publicly release the

Beta Software. If requested by McAfee, you will

provide feedback to McAfee regarding testing

and use of the Beta Software, including error or

bug reports. You agree to grant McAfee a

perpetual, non-exclusive, royalty-free, worldwide

license to use, copy, distribute, make derivative

works and incorporate the feedback into any

McAfee product at McAfee‟s sole discretion.

Upon receipt of a later unreleased version of the

Beta Software or release by McAfee of a publicly

released commercial version of the Beta

Software you agree to return or destroy all earlier

Beta Software received from McAfee

c) “Free“ or “Open Source” Software. The product

may include programs or code that are licensed

under an Open Source Software (“OSS”) license

model. OSS programs and code are subject to

the terms, conditions and obligations of the

applicable OSS license, and are SPECIFICALLY

EXCLUDED FROM ALL WARRANTY AND

SUPPORT OBLIGATIONS DESCRIBED

ELSEWHERE IN THIS AGREEMENT.

10) Notice to United States Government End

Users.

The Software and accompanying

Documentation are deemed to be "commercial

computer software" and "commercial

computer software documentation,"

respectively, pursuant to DFAR Section

227.7202 and FAR Section 12.212, as

applicable. Any use, modification,

reproduction, release, performance, display or

disclosure of the Software and accompanying

Documentation by the United States

Government shall be governed solely by the

terms of this Agreement and shall be

prohibited except to the extent expressly

permitted by the terms of this Agreement.

11) Privacy.

a. By entering into this Agreement, you agree that

McAfee may collect, retain and use personally

identifiable data, including your name, address, e-

mail address and payment details. Your personal

information will be used primarily to provide

services and product functionality to you either by

McAfee or its contractors or business partners.

McAfee may also use your personal information

for additional communication with you subject to

applicable laws. By entering into this Agreement,

you agree to the transfer of your personal

information to McAfee offices worldwide for the

purposes stated above. For more detailed

information on the collection, use and transfer of

your personal information, please read the McAfee

privacy policy on the McAfee web site

(www.McAfee.com).

b. You acknowledge and agree that the Software may

contain functionality to detect and report threats

and vulnerabilities on your computer network.

Such functionality may automatically collect

information about your system (including without

limitation information regarding network, licenses

used, operating system types, versions, total

scanners deployed, database size etc) and submit

such consolidated information to McAfee.

12) Audit.

McAfee may, at its expense, upon reasonable

prior written notice to you and during standard

business hours, audit you with respect to your

compliance with the terms of this Agreement

no more than once per year. You understand

and acknowledge that McAfee utilizes a

number of methods to verify and support

software use by its customers. These methods

may include technological features of the

Software that prevent unauthorized use and

provide Software deployment verification.

Upon reasonable request, you will provide a

system generated report verifying your

Software deployment, such request to occur

no more than two (2) times per year. McAfee

will not unreasonably interfere with the

conduct of your business.

13) Export Controls.

You acknowledges that the Software is

subject to U.S. and when applicable, European

Union export regulations. You shall comply

with applicable export and import laws and

regulations for the jurisdiction in which the

Software will be imported and/or exported.

You shall not export the Software to any

individual, entity or country prohibited by

applicable law or regulation. You are

responsible, at your own expense, for any

local government permits, licenses or

approvals required for importing and/or

exporting the Software. For additional

information regarding exporting and

importing the Software, see

http://mcafee.com/us/about/export_complianc

e/index.html. McAfee reserves the right to

update this website from time to time at its

sole discretion.

14) Governing Law.

This Agreement will be governed by and

construed in accordance with the substantive

laws in force: (a) in the State of New York, if

you purchased the Software in the United

States, Mexico, Central America, South

America, or the Caribbean; (b) in the

Republic of Ireland, if you purchased the

Software in Canada, Europe, Middle East,

Africa, Asia (other than Japan), or the region

commonly referred to as Oceania; and (c) in

Japan if you purchased the Software in Japan.

If you purchased the Software in any other

country, then the substantive laws of the

Republic of Ireland shall apply, unless another

local law is required to be applied. This

Agreement will not be governed by the

conflict of laws rules of any jurisdiction or the

United Nations Convention on Contracts for

the International Sale of Goods, the

application of which is expressly excluded.

The Uniform Computer Information

Transactions Act as enacted shall not apply,

The United States District Court for the

Southern District of New York, when New

York law applies, the courts of the Republic

of Ireland, when the law of Ireland applies, the

courts of Japan when Japanese law applies,

shall each have non-exclusive jurisdiction

over all disputes relating to this Agreement.

15) Miscellaneous.

http://www.mcafee.com/

http://mcafee.com/us/about/export_compliance/index.html

http://mcafee.com/us/about/export_compliance/index.html


a) Except for actions for nonpayment or breach of

McAfee‟s proprietary rights in the Software and

Documentation, no action, regardless of form,

arising out of this Agreement may be brought by

either party more than 2 years after a party knew

or should have known of the claim.

b) Any terms of this Agreement which by their

nature should survive the termination of this

Agreement shall survive such termination.

c) This Agreement, including all documents

incorporated by reference, represents the entire

agreement between the parties, and expressly

supersedes and cancels any other

communication, representation or advertising

whether oral or written, on the subjects herein. If

you issue an order to an Authorized Partner or to

McAfee and the terms and conditions of the

order conflict with the terms and conditions of a)

this Agreement or b) of the Grant Letter, then the

terms and conditions specified in this Agreement

and in the Grant Letter shall control. This

Agreement may not be modified except by a

written addendum issued by a duly authorized

representative of McAfee. No provision hereof

shall be deemed waived unless such waiver shall

be in writing and signed by McAfee. If any

provision of this Agreement is held invalid, the

remainder of this Agreement shall continue in

full force and effect.

d) All notices, requests, demands, and determinations

for McAfee under this Agreement (other than

routine operational communications) shall be sent

to: the applicable entity address on the first page

of this Agreement addressed to “Attention: Legal

Department”.

16) Product Improvement Information

Collection Addendum

a) You understand and agree that the Software may

automatically collect data and information about

your computer system(s) to assist McAfee

in the provision, support and improvement of

McAfee software and services. All data and

information collected for these reasons are

anonymized prior to transmission to McAfee.

McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA Document Version:4.0 Product Version:Windows 5.1.0-6824, AIX 5.1.0-6823, Linux 5.1.0-6823, HP-UX 5.1.0-6823, Solaris 5.1.0-6823 Publication Date: December 2011


Table of Contents

PREFACE ..................................................................................................................................................... 1

ABOUT THIS GUIDE .................................................................................................................................... 1 AUDIENCE ................................................................................................................................................... 1 DOCUMENT ORGANIZATION ....................................................................................................................... 1 DOCUMENT CONVENTIONS ......................................................................................................................... 1 CONTACTING SUPPORT ............................................................................................................................... 2

PRODUCT FEATURES .............................................................................................................................. 3

WHAT‟S NEW IN THIS RELEASE ................................................................................................................... 3

SOLIDIFIER BASIC COMMAND REFERENCE ................................................................................... 4

BEGIN–UPDATE (BU) ................................................................................................................................... 4 END-UPDATE (EU) ....................................................................................................................................... 4 BEGIN-OBSERVE (BO) .................................................................................................................................. 5 END-OBSERVE (EO) ..................................................................................................................................... 5 ENABLE ....................................................................................................................................................... 6 DISABLE ...................................................................................................................................................... 7 HELP ........................................................................................................................................................... 7 HELP-ADVANCED ........................................................................................................................................ 8 LICENSE ...................................................................................................................................................... 8 PASSWD ....................................................................................................................................................... 9 SOLIDIFY (SO) ............................................................................................................................................. 9 STATUS ......................................................................................................................................................10 TRUSTED ....................................................................................................................................................11 UNSOLIDIFY (UNSO) ...................................................................................................................................14 UPDATERS ..................................................................................................................................................14 VERSION .....................................................................................................................................................17

SOLIDIFIER ADVANCED COMMAND REFERENCE .......................................................................18

ATTR ..........................................................................................................................................................18 AUTH ..........................................................................................................................................................22 CHECK ........................................................................................................................................................23 CERT ..........................................................................................................................................................24 SCGETCERTS.EXE .......................................................................................................................................24 CONFIG .......................................................................................................................................................25 DIAG ..........................................................................................................................................................26 EVENT ........................................................................................................................................................26 FEATURES ..................................................................................................................................................27 LIST-SOLIDIFIED (LS) ..................................................................................................................................28 LIST-UNSOLIDIFIED (LU) .............................................................................................................................29 LOCKDOWN ................................................................................................................................................29 RECOVER ....................................................................................................................................................30 READ-PROTECT (RP) ...................................................................................................................................30 WRITE-PROTECT (WP) .................................................................................................................................31 WRITE-PROTECT-REG (WPR) .......................................................................................................................32


1

Preface

About This Guide

The McAfee Solidifier Command Line Reference Guide (for Application Control) describes the

command-line interface commands used to provision and maintain McAfee® Solidifier

application for:

McAfee® Application Control

Please refer McAfee® Solidifier Product Guide (for Application Control) for an overview and

command usage of the Solidifier CLI.

This guide provides detailed information on each of the CLI commands.

Audience

The McAfee® Solidifier Command Line Reference Guide (for Application Control) is intended

for anyone who operates Solidifier application. You are expected to have a general understanding

of basic data communication concepts and some practical knowledge of Microsoft Windows and

UNIX operating systems.

Document Organization

This guide has the following chapters.

Chapter “Product features” provides the list of features available with list of new features

available in this release.

Chapter “Solidifier Basic Command Reference” describes the basic commands for

configuring and controlling Solidifier.

Chapter “Solidifier Advanced Command ReferenceX” describes the advanced commands for

configuring and controlling Solidifier.

Document Conventions

The following conventions distinguish different types of text:

Commands and keywords are in boldface.

In interactive examples, user input is in boldface.

In command syntax statements

Parameters (variables for which a specific value is to be typed) are in italics.

Optional arguments are in square braces [ ].

Alternative arguments are separated by vertical bars, and are grouped within curly braces {a | b |

c}.


2

Names of keys on the keyboard are in square braces, such as the [Tab] key.

A control key is indicated by a caret preceding a letter: ^A means Control-A.

Note means reader take note. Notes contain helpful suggestions or references to material not

covered in the guide.

Contacting Support

Contact Us | McAfee, Inc.: http://www.mcafee.com/us/about/contact-us.aspx

Homepage: http://www.mcafee.com/us/products/application-control.aspx

Technical Support ServicePortal: https://mysupport.mcafee.com/Eservice/Default.aspx

Phone: +1-800-937-2237

Product & Solutions: https://secure.mcafee.com/apps/downloads/my-products/login.aspx

http://www.mcafee.com/us/about/contact-us.aspx

http://www.mcafee.com/us/products/application-control.aspx

https://mysupport.mcafee.com/Eservice/Default.aspx

https://secure.mcafee.com/apps/downloads/my-products/login.aspx


3

Product features

Application Control uses dynamic white listing to ensure that only trusted applications run on

devices, servers and desktops. This provides IT with the greatest degree of visibility and control

over clients, and helps enforce software license compliance.

Here are some product features:

Protection - Protects your application from malware attack by proactively controlling the

applications on your desktops, laptops and servers.

Security - Locks down the protected endpoints against threats and unwanted changes, with no

file system scanning or other periodic activity that could impact system performance.

Dynamic white listing - Ensures that only trusted applications run on devices, servers, and

desktops. McAfee‟s dynamic white listing trust model eliminates the labor and cost associated

with other white listing technologies.

Integrate with ePolicy Orchestrator - Effective when integrated with McAfee ePolicy

Orchestrator (and also in standalone mode without network access). The product is designed to

operate in a variety of network and firewall configurations.

Transparency - Runs transparently on endpoints. It can be set up quickly with very low initial

and ongoing operational overhead and minimal impact on CPU cycles.

What’s new in this release

Reboot Free Activation - Option to set endpoints into Enabled mode without reboot. All features

except Memory Protection will be available without reboot. Memory Protection will

automatically be enabled on next reboot.

Observe Mode - A new endpoint state “Observe Mode”, Applications will not be prevented or

blocked from execution and observations (events) will be generated. The required actions on the

events of endpoint can be decided only at ePolicy Orchestrator.

Customizable End User Notifications - McAfee popup is generated if something is blocked by

Solidcore Protection. McTray will now collect all past notification details and this feature will be

available in ePO managed environment only.

Exception Handling - McTray will now list events for all the operations blocked by Application

Control and based upon which ePO admin can take actions. This feature also available in ePO

managed environment only.


4

Solidifier Basic Command Reference

begin–update (bu)

The begin-update command starts Update mode for performing software updates and

installations. On issuing this command:

If the Solidifier is currently in Enabled mode, then this command will change its state to

Update mode.

If the Solidifier is currently in Disabled mode, then McAfee Solidifier service restart will

change its state to Update mode.

OS Platform

Linux, Solaris, Windows

Syntax

sadmin begin-update [ workflow-id [ comment ]]

Syntax Description

sadmin begin-update [ workflow-id [ comment ]]

Begins the Update mode.

You can optionally specify an identification ID workflow-id and a description comment

for the current Update mode session. This information can be used for a Change

Management or Trouble Ticketing System.

If you do not provide these options, workflow-id is set to an automatically generated

string, AUTO_n, where n is a number that is incremented each time an Update window is

opened or an Updater is added.

Command Mode

This command is supported in Disabled mode and Enabled mode.

end-update (eu)

The end-update command ends the Update mode and changes the Solidifier‟s operational mode

from Update to Enabled.

OS Platform


Syntax

sadmin end-update


5

Syntax Description

sadmin end-update

Ends Update mode and moves the Solidifier to Enabled mode.

Command Mode

This command is supported in Update mode only.

begin-observe (bo)

The begin-observe command starts Observe mode on the system.

Applications will not be prevented or blocked from execution and observations (events) will be

generated. The required actions on the events of endpoint can be decided by ePolicy Orchestrator.

This feature is useful for ePO managed environment only.

OS Platforms

Windows

Syntax

begin-observe [workflow-id [comment]]

Syntax description

begin-observe [workflow-id [comment]]

You can also specify a workflow-id and a description comment for begin-observe mode session.

This information can be used for Change Management or Trouble Ticketing System.

workflow-id

This workflow-id can be used to track changes made to the system in observation mode

during the observe window.

Comment

Provide a descriptive text for the workflow-id.

Command Mode

This command is supported in Disabled mode and Enabled mode. When command is run

from disabled mode, Solidcore will enter observe mode on next reboot.

end-observe (eo)

The end-observe command can be used to end the observation mode on the system and it

changes the Solidifier‟s operational mode from Observe to Enabled or Disabled.


6

OS Platforms

Windows

Syntax

sadmin end-observe [ -d | -u ]

Syntax description

sadmin end-observe -d

This command disables the McAfee Application Control at end of observation mode. If

this option is not provided, McAfee Application Control will be in observe mode and on

the next boot the observe mode will be Disabled.

sadmin end-observe -u

This command denies all file changes during observation mode. If this option is not

provided all file changes during Observation mode will be authorized after end of

Observe.

sadmin end-observe -u -d

This command denies the file changes during observation mode, disables McAfee

Application Control at the end of observation mode and sets the Solidifier state to

Disabled for next boot.

Command Mode

This command is supported in Observe mode only.

enable

The enable command can be used to enable the Solidifier, and is possible only after the

execution of sadmin so command which generates the whitelist. The sadmin enable

command changes the Solidifier‟s operational mode from Disabled to Enabled by restarting the

McAfee Solidifier service, but this will not include the memory-protection feature, as this feature

needs a reboot.

The status command reflects this change of operational mode. It allows only authorize

applications.

OS Platforms


Syntax

sadmin enable


7

Command Mode

This command is supported in Disabled mode only.

disable

The disable command disables the Solidifier. It changes the Solidifier‟s operational mode from

Enabled or Update to Disabled and is effective after the next reboot. The status command reflects

this change of operational mode.

OS Platform


Syntax

sadmin disable

Command Mode

This command is supported in Enabled mode and Update mode.

help

The help command provides help information for basic Solidifier commands.

Module Supported

Change Control Module, Run-time Control Module

OS Platforms


Syntax

sadmin help

sadmin help command

Syntax Description

sadmin help

Lists the summary description for basic Solidifier CLI commands.

sadmin help command

Lists the detailed help for command command.

Command Mode

This command can be issued in any mode.


8

help-advanced

The help-advanced command provides help information for advanced Solidifier commands.

OS Platforms


Syntax

sadmin help-advanced

sadmin help-advanced command

Syntax Description

sadmin help-advanced

Lists summary description of advanced Solidifier CLI commands.

sadmin help-advanced command

Lists the detailed help for advanced command command.

Command Mode


license

The license command displays the licensing information of the product and also allows you to

add the product license.

OS Platforms


Syntax

sadmin license add licensekey

sadmin license list

Syntax Description

sadmin license add licensekey

Adds license licensekey.

sadmin license list

Lists the currently installed licenses.

Command Mode

The sadmin license list command can be issued in any mode. The sadmin license add

command can be issued in Disabled mode only.


9

passwd

The passwd command is used to set password for the Solidifier Command line interface.

Once the password has been set, critical sadmin commands can only be executed on verification

of the password.

OS Platforms


Syntax

sadmin passwd

sadmin passwd -d

Syntax Description

sadmin passwd

Sets the password for Solidifier CLI.

When the sadmin passwd command is executed for the first time, you are prompted for

a new password and then prompted to re-enter the new password for re-confirmation.

Once a password has been set, subsequent issuance of the sadmin passwd command

additionally prompts for the existing password before prompting for the new password

twice (for entry and confirmation).

sadmin passwd -d

Clears the password for Solidifier CLI.

Command Mode


solidify (so)

The solidify command generates white list, files in a folder/directory, or files of a system

volume.

OS Platforms


Syntax (Linux, Solaris, Windows)

sadmin solidify

sadmin solidify [ –q | –v ] filename1 ... filenameN

sadmin solidify [ –q | –v ] directoryname1 ... directorynameN

sadmin solidify [ –q | –v ] volumename1 ... volumenameN

Syntax Description (Linux, Solaris, Windows)

sadmin solidify

Solidifies all supported files (recursively) on all supported volumes.


10

sadmin solidify [ –q | –v ] filename1 ... filenameN

Solidifies files filename1 ... filenameN.

If the –q argument is specified, only error messages are displayed. All other messages are

written to the Solidifier Log. If the –v argument is specified; all messages are displayed

as well as written to the Solidifier Log. If neither the –q argument nor the –v argument

are specified, the messages are only written to the Solidifier Log.

sadmin solidify [ –q | –v ] directoryname1 ... directorynameN

Solidifies all supported files (recursively) under folders/directories directoryname1 ...

directorynameN.





sadmin solidify [ –q | –v ] volumename1 ... volumenameN

Solidifies all supported files (recursively) under system volumes volumename1 ...

volumenameN.





Command Mode


status

The status command displays the current status of the Solidifier in terms of operational mode,

its connectivity status with ePolicy Orchestrator Managed, access status of the Local CLI, etc.

OS Platforms


Syntax

sadmin status

sadmin status volumename

Syntax Description

sadmin status

Lists the Solidifier status across all supported volumes.

sadmin status volumename

Lists the Solidifier status for system volume volumename.


11

Usage Details

1. An example of output of the sadmin status command on the Windows platform is as

follows:

McAfee Solidifier: Enabled

McAfee Solidifier on reboot: Enabled

ePO Managed: Yes

Local CLI access: Recovered

[fstype] [status] [driver status] [volume]

* NTFS Solidified Attached C:\

The asterisk (*) character prefix indicates the main file system of the primary partition

(C:\ for Windows).

The fstype column indicates the file system type for the volume as NTFS or FAT (for

Windows).

The driver status shows the driver status for the volume - attached indicates

that driver is loaded for the particular volume and Solidifier is in Enable mode or

unattached indicates that Solidifier is in Disable mode for the particular volume.

2. An example of output of the sadmin status command on the UNIX platforms is as follows:

McAfee Solidifier: Enabled

McAfee Solidifier on reboot: Enabled

ePO Managed: 192.168.16.163:51827

Local CLI access: Recovered

[fstype] [status] [driver status] [volume]

* ext3 Solidified Attached /

ext2 Solidified Attached /ext2

The asterisk (*) character prefix indicates the root file system (/ for UNIX).

The fstype column indicates the file system type for the volume.

The driver status shows the driver status for the volume - attached indicates

that driver is loaded for the particular volume and Solidifier is in Enable mode or

unattached indicates that Solidifier is in Disable mode for the particular volume.

Command Mode


trusted

The trusted command allows execution of files located on the remote share and any of the

local share by establishing it as a trusted volume set. Using this command, you can include,

exclude, remove, list or flush trusted volumes.


12

OS Platforms


Syntax (Windows)

sadmin trusted -i volumesetname1 ... volumesetnameN

sadmin trusted -i pathname1 ... pathnameN

sadmin trusted -e volumesetname1 ... volumesetnameN

sadmin trusted -e pathname1 ... pathnameN

sadmin trusted –u volumesetname1…..volumesetnameN

sadmin trusted –u pathname1….pathnameN

sadmin trusted -r volumesetname1 ... volumesetnameN

sadmin trusted -r pathname1 ... pathnameN

sadmin trusted [-l ]

sadmin trusted -f

Syntax (Linux, Solaris)




sadmin trusted [-l]

sadmin trusted -f

Syntax Description (Windows)

sadmin trusted -i volumesetname1 ... volumesetnameN

Adds trusted volume rules for volumes volumesetname1 ... volumesetnameN and allows

execution of all files on these volumes.


Adds trusted path rules for paths pathname1 ... pathnameN and allows execution of all

files on these paths.

sadmin trusted -e volumesetname1 ... volumesetnameN

Adds trusted volume rules to exclude volumes volumesetname1 ... volumesetnameN from

the trusted volumes list.

Use this command to exclude from the trusted volumes list those volumes belonging to a

trusted group of volumes.


Adds trusted path rules to exclude paths pathname1 ... pathnameN from the trusted paths

list.

Use this command to exclude from the trusted paths list those paths belonging to a trusted

group of paths.

sadmin trusted –u volumesetname1 ... volumesetnameN

Includes the volume set in trusted group, allow execution of ALL files from this volume

set and run all binaries/scripts from this volume set as updaters.

sadmin trusted –u pathname1 … pathnameN

Includes the paths set in trusted group, allow execution of ALL files from this path and

run all binaries/scripts from this path as updaters.

sadmin trusted -r volumesetname1 ... volumesetnameN


13

Removes trusted volume rules for volumes volumesetname1 ... volumesetnameN.

These trusted volume rules may have been added using the –i argument or the –e

argument.


Removes trusted path rules for paths pathname1 ... pathnameN.

These trusted path rules may have been added using the –i argument or the –e argument.


Lists all trusted volume and path rules.

Note: The list sub-command is optional.

sadmin trusted -f

Deletes all trusted volume and path rules.

Syntax Description (Linux, Solaris)


Adds trusted path rules for paths pathname1 ... pathnameN and allows execution of all

files on these paths.


Adds trusted path rules to exclude paths pathname1 ... pathnameN from the trusted path

list.

Use this command to exclude from the trusted path list those paths belonging to a trusted

group of paths.


Removes trusted path rules for paths pathname1 ... pathnameN.

These trusted path rules may have been added using the –i argument or the –e argument.


Lists all trusted path rules.

Note: The list sub-command is optional.

sadmin trusted -f

Deletes all trusted path rules.

Usage Guidelines

1. The volume names volumesetname can be specified on the Windows platform in any of the

following ways:

\\servername\\sharename – specific share sharename exported by the server servername

\\servername - all shares exported by server servername

\\* - all shares exported by all servers

2. The pathname pathname can be specified on Windows platform in the following way:


14

C:\Windows\*\drivers

3. The pathname pathname can be specified on UNIX platform in the following way:

/usr/local/

Command Mode


unsolidify (unso)

This unsolidify command is used to remove the files, folders or volumes from the white list.

OS Platforms


Syntax (Linux, Solaris, Windows)

sadmin unso< resource name>

Syntax Description (Linux, Solaris, Windows)

sadmin unso<resource name>

This command is to remove the given file or folder or volume from the white list.

Command Mode


updaters

The updaters command adds, deletes, lists or flushes programs in the list of authorized

updaters.

OS Platforms


Syntax (Windows)

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] exename

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] -l libraryname exename

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] -p parent-exename exename

sadmin updaters add [ -t rule-id ] –u username

sadmin updaters add scriptname

sadmin updaters remove exename

sadmin updaters remove -l libraryname exename

sadmin updaters remove -p parent-exename exename

sadmin updaters remove -u username

sadmin updaters remove scriptname

sadmin updaters list

sadmin updaters flush


15


sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] { binaryname | scriptname }

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-programname ] {

binaryname | scriptname }

sadmin updaters remove { binaryname | scriptname }

sadmin updaters remove [ -p parent-programname ] { binaryname | scriptname }



Syntax Description (Windows)

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] exename

Adds an updater rule for execution file exename.

If the –d argument is specified, the child processes of execution file exename are not

included in the updater rule.

If the –n argument is specified, the logging is disabled.

If the –t argument is specified, the tag rule-id will be present in the Event Log for all the

files processed due to this updater rule.

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] -l libraryname exename


The updater rule is applicable only when the associated library libraryname is also

loaded.






sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] -p parent-exename exename


The updater is applicable only when the parent execution file parent-exename is also

running.






sadmin updaters add [ -t rule-id ] –u username

Adds an updater rule for user username so that all update events by the user are

authorized.



sadmin updaters add scriptname


16

Adds an updater rule for script scriptname so that all update events by the scripts are

authorized.

sadmin updaters remove exename

Removes the updater rule for execution file exename.

sadmin updaters remove -u username

Removes the updater rule for user username.

sadmin updaters remove -l libraryname exename

Removes the updater rule for execution file exename having associated library

libraryname.

sadmin updaters remove -p parent-exename exename

Removes the updater rule for execution file exename having associated parent execution

file parent-exename.

sadmin updaters remove scriptname

Removes the updater rule for script scriptname.


Lists all updater rules.


Deletes all updater rules.


sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] { binaryname | scriptname }

Adds an updater rule for execution file binaryname or scriptname.

If the –d argument is specified, the child processes of execution file binaryname or

scriptname are not included in the updater rule.




sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] { -p parent-programname } {

binaryname | scriptname }

Adds an updater rule for execution file binaryname or scriptname.

The updater is applicable only when the parent execution file parent-programname is

also running.

If the –d argument is specified, the child processes of execution file binaryname or

scriptname are not included in the updater rule.




sadmin updaters remove { binaryname | scriptname }

Removes the updater rule for execution file binaryname or scriptname.

sadmin updaters remove [ -p parent-programname ] { binaryname | scriptname }


17

Removes the updater rule for execution file binaryname or scriptname having associated

parent execution file parent-programname.


Lists all updater rules.


Deletes all updater rules.

Usage Guidelines

The absolute path of the executable should be specified. Either the file name alone or one or more

folders/directories up the tree is specified. If 'dir\file.exe' is specified, the rule applies if and only

if, 'file.exe' is in a folder/directory named 'dir'. On Windows, full path names containing the drive

letter or starting with a slash character are not a valid entry for the rule names; such names are

ignored. For example, if you specify „c:\foo\bar.exe‟, the updater rule is added for

\foo\bar.exe ignoring the drive letter.

Command Mode


version

The version command displays the version of the Application Control installed on the system.

OS Platforms


Syntax

sadmin version

Command Mode



18

Solidifier Advanced Command Reference

attr

The attr command is used to modify or list the Solidifier‟s configuration attributes list.

The following configuration attributes are supported by the attr command:

Table 1: Supported Configuration Attributes

Attribute Argument Windows (x86)

Windows (x64)

UNIX

Always authorized attribute -a Y Y Y

Bypassed from memory control attribute -b Y N N

Bypass from mp-casp -c Y N N

Bypassed from process stack randomization attribute

-d Y N N

Rebase dll attribute -e Y N N

Full crawl attribute -f Y N N

Bypassed from installer detection attribute -i Y N N

Bypass from anti-debug -l Y N N

Process context file operations bypass attribute

-p Y Y Y

Process context file operations bypass attribute (conditional)

-o Y Y Y

Bypassed from dll relocation attribute -r Y N N

Always unauthorized attribute -u Y Y Y


19

Attribute Argument Windows (x86)

Windows (x64)

UNIX

Bypassed from DEP protection attribute -n N Y N

Note: You can specify one or more configuration attributes in any combination.

The second column lists the corresponding argument to be used for the attributes.

OS Platforms


Syntax (Windows x86)

attr add -a | -b | -c | -d | -e | -f | -i | -l | -p | -r | -u FILE ...

attr add -o parent=PARENT_FILE -p FILE

attr remove [-a | -b | -c | -d | -e | -f | -i | -l | -p | -r | -u ] FILE ...

attr list [-a | -b | -c | -d | -e | -f | -i | -l | -p | -r | -u ] [FILE ...]

attr flush [-a | -b | -c | -d | -e | -f | -i | -l | -p | -r | -u ]

Syntax (Windows x64)

attr add -a | -i | -n | -p | -u FILE ...


attr remove [-a | -i | -n | -p | -u ] FILE ...

attr list [-a | -i | -n | -p | -u ] [FILE ...]

attr flush [-a | -i | -n | -p | -u ]


sadmin attr add [ -a | -p | -u ] filename1 ... filenameN

sadmin attr add –o parent=filename2 –p filename1

sadmin attr remove [ -a | -p | -u ] filename1 ... filenameN

sadmin attr list [ -a | -p | -u ] [ filename1 ... filenameN ]

sadmin attr flush [ -a | -p | -u ]

Syntax Description (Windows x86)

attr add -a | -b | -c | -d | -e | -f | -i | -l | -p | -r | -u FILE ...

Adds a Solidifier Configuration attribute to solidified files filename1 ... filenameN.

Use the attribute argument based on “Table 1: Supported Configuration AttributesX”.

Note: You must specify the argument for at least one configuration attribute with the

sadmin attr add command.


(Windows only) Adds the –p Solidifier Configuration attribute to solidified file

filename1 so that it can pass-thru if and only if it was invoked by filename2.

attr remove [-a | -b | -c | -d | -e | -f | -i | -l | -p | -r | -u ] FILE ...

Removes the Solidifier Configuration attribute set on solidified files filename1 ...

filenameN.


20


Note: You need not specify any argument for configuration attributes with the

sadmin attr remove command. When no arguments for any configuration attribute are

specified, it is assumed that arguments for all configuration attributes have been

specified.

attr list [-a | -b | -c | -d | -e | -f | -i | -l | -p | -r | -u ] [FILE ...]

Lists Solidifier Configuration attributes set on solidified files filename1 ... filenameN.


If file names are not specified, the configuration attributes for all solidified files are

listed.


sadmin attr list command. When no arguments for any configuration attribute are


specified.

attr flush [-a | -b | -c | -d | -e | -f | -i | -l | -p | -r | -u ]

Removes the specified Solidifier Configuration attribute(s) from all files.


Note: When no arguments for any configuration attribute are specified with the

sadmin attr flush command, it is assumed that arguments for all configuration

attributes have been specified and hence, all Solidifier Configuration attributes from all

files are removed.

Syntax Description (Windows x64)

attr add -a | -i | -n | -p | -u FILE ...






(Windows only) Adds the –p Solidifier Configuration attribute to solidified file

filename1 so that it can pass-thru if and only if it was invoked by filename2.

attr remove [-a | -i | -n | -p | -u ] FILE ...


filenameN.





specified.

attr list [-a | -i | -n | -p | -u ] [FILE ...]


21




listed.




specified.

attr flush [-a | -i | -n | -p | -u ]






files are removed.


sadmin attr add [ -a | -p | -u ] filename1 ... filenameN






Adds the –p Solidifier Configuration attribute to solidified file filename1 so that it can

pass-thru if and only if it was invoked by filename2.

sadmin attr remove [ -a | -p | -u ] filename1 ... filenameN


filenameN.





specified.

sadmin attr list [ -a | -p | -u ] [ filename1 ... filenameN ]




listed.




22


specified.

sadmin attr flush [ -a | -p | -u ]






files are removed.

Command Mode


auth

The auth command is used to declare applications that are allowed to be run on your system (whitelist applications) and applications that are banned from running on your system (blacklist applications). You can declare any application (executables, installers, or batch files) as a whitelist application or a blacklist application. These applications may be locally installed or invoked applications or may be installed in or invoked from a shared drive.

OS Platforms

Windows

Syntax

auth [ -a [ -t RULE-ID] [ -u | [ -c CHECKSUM ]] ]

auth -b [ -t RULE-ID] -c CHECKSUM

auth -r [ CHECKSUM ]

auth -l

auth -f

Syntax Description

sadmin auth [ -a [ -t RULE-ID] [ -u | [ -c CHECKSUM ]] ]

Declares application indicated by RULE-ID or CHECKSUM or VERSION as an

authorized application.

CHECKSUM is the SHA1 hash value of the application file. VERSION is the application

version details in Product name\Product version format.

If the –u argument is specified, the application is registered as an authorized updater

application.

sadmin auth -b [ -t RULE-ID] -c CHECKSUM

Declares application indicated by RULE-ID or CHECKSUM or VERSION as a banned

application.


23

CHECKSUM is the SHA1 hash value of the application file. VERSION is the application

version details in Product name\Product version format.

sadmin auth –r CHECKSUM | VERSION

Removes the registration of application indicated by CHECKSUM or VERSION as an

authorized or a banned application.

sadmin auth –l

Lists all registrations added till now.

sadmin auth –f

Removes all registrations.

check

The check command checks consistency of the specified file set (solidified files) with the stored

file checksum, etc. in inventory. If no file set is specified, then all supported volumes are checked

for consistency.

OS Platforms


Syntax

sadmin check [ -r ]

sadmin check [ -r ] filename1 ... filenameN

sadmin check [ -r ] directoryname1 ... directorynameN

sadmin check [ -r ] volumename1 ... volumenameN

Syntax Description

sadmin check [ -r ]

Checks file consistency of all solidified files in all supported volumes against the stored

file information.

If the –r argument is specified, any inconsistencies found are also fixed.

sadmin check [ -r ] filename1 ... filenameN

Checks file consistency of solidified files filename1 ... filenameN against the stored file

information.


sadmin check [ -r ] directoryname1 ... directorynameN

Checks file consistency of all solidified files under folders/directories directoryname1 ...

directorynameN against the stored file information.


sadmin check [ -r ] volumename1 ... volumenameN

Checks file consistency of all solidified files under system volumes volumename1 ...

volumenameN against the stored file information.



24

Command Mode


cert

The cert command is used to manage certificate files. The command adds, removes, or lists

certificate files to Solidifier Certificates store (the <McAfee Solidifier-dir>/Certificates folder).

Note: Use the scgetcerts.exe utility to generate certificate files for signed installers.

OS Platforms

Windows

Syntax

sadmin cert add [ -u ] FILE ...

sadmin cert add -c X509PEM ...

sadmin cert remove -c X509PEM ...

sadmin cert remove SHA1 ...

sadmin cert list [ -d | -u ]

sadmin cert flush

Syntax Description

sadmin cert add [ -u ] FILE ...

Adds certificate file certfilename to McAfee Solidifier Certificates store.

sadmin cert remove SHA1 ...

Removes certificate file certfilename from McAfee Solidifier Certificates store.

sadmin cert list [ -d | -u ]

Lists all certificates registered in McAfee Solidifier Certificates store.

sadmin cert flush

Remove all the certificates from the McAfee Solidifier Certificates store.

scgetcerts.exe

This sets a new flag for extraction of certificate that has been added to scgetcerts.exe.

scgetcerts.exe [<FILEPATH: filename|directory>] [OUTPUT PATH] [--cab] <-A> <-O>

<-n|-c> [<DOMAIN>] [<USERNAME>] [<PASSWORD>]

This utility dumps the Installer Info and/or extracts all certificates from Authenticode Signature.

FILEPATH

This option is to specify the filename or directory name of the file to be processed. If a directory

is specified, certificates and information will be extracted recursively from all the files in the

specified folder. This file is located in Installation directory: \McAfee\Solidcore\tools.


25

OUTPUT PATH

This option is to specify the directory to store certificates and/or installer Information.

-cab Specify this option if cert needs to be extracted from a cab file.

-O Mandatory if --cab is specified.

-A Optional, use to extract all the certificates from installer/file. By default only root

certificate is extracted.

-O Optional, Use if only the certificates are required and additional info is not

required. Not optional if --cab is specified.

-c Specify this option to check if the FILEPATH is accessible on the network.

-n Optional, Use to Provide Authentication for the FILEPATH on the network. If -n

option is specified FILEPATH should be a directory.

The DOMAIN, USERNAME, and PASSWORD options need to be specified when -n or -c flag is passed.

The certificates extracted will be stored in files named on the basis of SHA1 of Issuer & Serial

No.

config

The config command is used to export configuration of Solidifier installation to a file or import

configuration from a file. The configuration settings are applied to current installation once the

import operation completes successfully.

OS Platforms


Syntax

sadmin config export filename

sadmin config import [ -a ] filename

sadmin config set NAME=VALUE

sadmin config show

Syntax Description

sadmin config export filename

Exports the current configuration settings to file filename.

sadmin config import [ -a ] filename

Imports the configuration settings of file filename.

Then, the existing configuration settings are overwritten by the configuration settings

available in the file filename.


26

If you specify the –a argument, the configuration settings available in the file filename

are appended to the existing configuration settings.

sadmin config set NAME=VALUE

Sets the value of the configuration setting NAME to VALUE.

sadmin config show

Lists the configuration settings.

Command Mode


diag

The diag command determines interoperability configuration for programs on the system.

OS Platforms

Windows

Syntax

sadmin diag

sadmin diag fix [ -f ]

Syntax Description

sadmin diag

Identifies candidate Auto-Updaters and provides the command syntax for authorizing

such programs to perform updates when they execute.

sadmin diag fix [ -f ]

Identifies and applies candidate Auto-Updaters for authorizing such programs to perform

updates when they execute.

If the –f argument is specified, the restricted programs are also included.

Command Mode

This command can be issued in Enabled mode and Update mode only.

event

The event command lets you configure the log targets (sinks) for generated change events.

OS Platforms


Syntax

sadmin event sink

sadmin event sink eventname


27

sadmin event sink -a { eventname | ALL } { sinkname | ALL }

sadmin event sink -r { eventname | ALL } { sinkname | ALL }

sinkname (on Windows)::= debuglog | oslog | sc | popup

sinkname (on UNIX)::= debuglog | oslog | sc

Syntax Description

sadmin event sink

Lists all Solidifier events and their associated sink types.

sadmin event sink eventname

Lists the associated sink types for event eventname.

sadmin event sink -a { eventname | ALL } { sinkname | ALL }

Specifies that the event eventname should be logged in sink type sinkname.

You can also specify ALL as the event name so that the specified sink type is applicable

for all events. Similarly, you can specify ALL as the sink type name so that the specified

event is logged with all sink types. Also, you can specify ALL as both the event name

and the sink type name so that all events are logged with all sink types.

You can also specify the command multiple times to add more than one sink type for an

event.

sadmin event sink -r { eventname | ALL } { sinkname | ALL }

Removes the association of event eventname with sink type sinkname so that event

eventname is no longer logged with sink type sinkname.

You can also specify ALL as the event name so that all events are disassociated from the

specified sink type. Similarly, you can specify ALL as the sink type name so that the

specified event is disassociated from all sink types.

Note: While you can specify ALL as both the event name and the sink type name so that

all event-sink associations are removed, it is not a recommended use model.

You can also specify the command multiple times to disassociate more than one user-

specified sink type for an event.

Command Mode


features

The features command can be used to enable or disable a feature. A complete listing of the

features along with their operational state can also be obtained using this command.

OS Platform


Syntax

sadmin features enable featurename


28

sadmin features disable featurename

sadmin features [ list ]

Syntax Description

sadmin features enable featurename

Adds feature featurename to the allowed features list.

sadmin features disable featurename

Removes feature featurename from the allowed features list.

sadmin features [ list ]

Lists all Solidifier features and their current status (allowed or not allowed).

Note: The list argument is optional.

Command Mode


list-solidified (ls)

The list-solidified command displays the list of solidified files, folders/directories, or

volumes (Windows only).

OS Platforms


Syntax

sadmin list-solidified [ -l ]

sadmin list-solidified [ -l ] filename1 ... filenameN

sadmin list-solidified [ -l ] directoryname1 ... directorynameN

sadmin list-solidified [ -l ] volumename1 ... volumenameN

Syntax Description

sadmin list-solidified [ -l ]

Lists all solidified files, folders/directories, and volumes.

If the –l argument is specified, solidification details are also listed.

sadmin list-solidified [ -l ] filename1 ... filenameN

Lists all solidified files out of files filename1 ... filenameN.


sadmin list-solidified [ -l ] directoryname1 ... directorynameN

Lists all solidified files under folders/directories directoryname1 ... directorynameN.


sadmin list-solidified [ -l ] volumename1 ... volumenameN

Lists all solidified files under volumes volumename1 ... volumenameN.


29


Command Mode


list-unsolidified (lu)

The list-unsolidified command lists unsolidified files.

OS Platforms


Syntax

sadmin list-unsolidified

sadmin list-unsolidified filename1 ... filenameN

sadmin list-unsolidified directoryname1 ... directorynameN

sadmin list-unsolidified volumename1 ... volumenameN

Syntax Description

sadmin list-unsolidified

Lists all unsolidified files, folders/directories, and volumes.

sadmin list-unsolidified filename1 ... filenameN

Lists all unsolidified files out of files filename1 ... filenameN.

sadmin list-unsolidified directoryname1 ... directorynameN

Lists all unsolidified files under folders/directories directoryname1 ... directorynameN.

sadmin list-unsolidified volumename1 ... volumenameN

Lists all unsolidified files under volumes volumename1 ... volumenameN.

Command Mode


lockdown

The lockdown command disables the local CLI.

Under the lockdown, no commands (other than help, help-advanced, status, version, lockdown, recover, and license) can be executed.

OS Platforms


Syntax

sadmin lockdown


30

Command Mode


recover

The recover command enables a local administrator to recover the local CLI. It should be used

when Solidifier-ePolicy Orchestrator (ePO) Managed communication is down. It prompts for

password if it has been set.

OS Platforms


Syntax

sadmin recover

Command Mode


read-protect (rp)

The read-protect command modifies or displays the read protection rules and by default it is

Disabled.

Note: Unlike other commands, you must specify complete file or folder/directory names with the

read-protect command.

OS Platforms


Syntax

sadmin read-protect [ -i ] pathname1 ... pathnameN

sadmin read-protect -e pathname1 ... pathnameN

sadmin read-protect -r pathname1 ... pathnameN

sadmin read-protect -l

sadmin read-protect -f

Syntax Description

sadmin read-protect [ -i ] pathname1 ... pathnameN

Adds read-protection rules for paths pathname1 ... pathnameN.

These paths can be simple file names, complete file names, folder/directory names, and

volume names.

Note: The –i argument is optional.

sadmin read-protect -e pathname1 ... pathnameN


31

Adds read-protection rules to exclude paths pathname1 ... pathnameN from read-

protection.

Use this command to exclude from read-protection specific paths belonging to a read-

protected group of paths (folders/directories and volumes).

sadmin read-protect -r pathname1 ... pathnameN

Deletes all read-protection rules for paths pathname1 ... pathnameN.

These read-protection rules may have been added using the –i argument or the –e

argument.

sadmin read-protect –l

Lists all read-protection rules.

sadmin read-protect -f

Removes all read-protection rules.

Command Mode


write-protect (wp)

The write-protect command write-protects specified files including solidified files.

Note: Unlike other commands, you must specify complete file or folder/directory names with the

write-protect command.

OS Platforms


Syntax

sadmin write-protect [ -i ] pathname1 ... pathnameN

sadmin write-protect -e pathname1 ... pathnameN

sadmin write-protect -r pathname1 ... pathnameN

sadmin write-protect -l

sadmin write-protect -f

Syntax Description

sadmin write-protect [ -i ] pathname1 ... pathnameN

Adds write protection rules for paths pathname1 ... pathnameN.

These paths can be simple file names, complete file names, folder/directory names, and

volume names.


sadmin write-protect -e pathname1 ... pathnameN


32

Adds write protection rules to exclude paths pathname1 ... pathnameN from write

protection.

Use this command to exclude from write-protection specific paths belonging to a write-

protected group of paths (folders/directories and volumes).

sadmin write-protect -r pathname1 ... pathnameN

Deletes all write-protection rules for paths pathname1 ... pathnameN.

These write-protection rules may have been added using the –i argument or the –e

argument.

sadmin write-protect –l

Lists all write-protection rules.

sadmin write-protect –f

Removes all write-protection rules.

Command Mode


write-protect-reg (wpr)

The write-protect-reg command is used to modify or display the enforcement protection

rules.

OS Platforms

Windows

Syntax

sadmin write-protect-reg [ -i ] registrykeyname1 ... registrykeynameN

sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN

sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN

sadmin write-protect-reg -l

sadmin write-protect-reg –f

Syntax Description

sadmin write-protect-reg [ -i ] registrykeyname1 ... registrykeynameN

Includes registry keys registrykeyname1 ... registrykeynameN for enforcement protection.


sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN

Excludes registry keys registrykeyname1 ... registrykeynameN from enforcement

protection.

Use this command to exclude from enforcement protection specific registry keys

belonging to a protected group of registry keys.

sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN


33

Removes the enforcement protection rules corresponding to registry keys

registrykeyname1 ... registrykeynameN.

sadmin write-protect-reg -l

Lists all enforcement protection rules.

sadmin write-protect-reg –f

Deletes all enforcement protection rules.

Command Mode


Documents

McAfee® Solidifier Command Line Reference Guide (for ... · McAfee Technical Support and Maintenance Terms. i) “Updates” are related to content and include without limitation