Getting Started With Application and Change Control ——2018-12-14
1. What is Solidcore
2. How does Solidcore work
3. How does Solidcore get the reputation
What is Solidcore:
Application Control + Change Control + Integrity Control
- MAC is McAfee Application Control; almost every case is related to MAC
- MCC is McAfee Change Control
- FIM is Integrity Control
How does Solidcore work:
Solidcore works by reputation. In short, if the reputation is trusted, execution is allowed; otherwise it is blocked.
How does Solidcore get the reputation:
By solidifying the system or collecting inventory.
Examples of detailed issues:
1. How to deploy Solidcore on a fresh system
2. How to use Solidcore
3. Failed to open a third-party program in Enabled mode
How to deploy Solidcore on a fresh system:
If deploying via ePO: check in the package and extensions > configure the credential under Server Settings - Solidcore to activate the functions (Application Control / Change Control) > deploy the product with a client task or Product Deployment.
How to use Solidcore:
First activate the function, then collect inventory in Observe mode. After the collection finishes, enable Solidcore.
Failed to open a third-party program in Enabled mode / slow performance of a third-party program:
First, confirm whether any other anti-malware product or third-party anti-malware is installed. If third-party software exists, suggest removing it and retesting, because there are many possible compatibility issues.
If there is none (no third-party anti-malware), suggest disabling or removing Solidcore and checking whether the issue persists.
If the issue disappears with Solidcore disabled:
Suggest disabling memory protection / SAU / execution protection.
Otherwise (the issue persists with Solidcore disabled), we can say the issue is not related to Solidcore.
If the issue persists with those functions disabled, collect gatherinfo and MER logs on the client and post them to the Solidcore SharePoint. Otherwise (the issue disappears with those functions disabled), suggest disabling all of them and enabling only one function at a time to see which function has the most effect, then disable that function.
What you need:
Familiarity with Solidcore functions and the sadmin command line, and good communication with the advanced team.