Change Control and Application Control 6.1 Installation


Installation Guide

McAfee Change Control and McAfee Application Control 6.1.0

For use with ePolicy Orchestrator 4.5.0–4.6.0

COPYRIGHT

Copyright © 2012 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS

McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


Contents

Preface
    About this guide
        Audience
        Conventions
        What's in this guide
    Components
    Find product documentation

1 Installing the software
    Review prerequisites
    Install the Solidcore extension
    Specify licenses
    Install the Solidcore client
        Add the package to the McAfee ePO repository
        Install the Solidcore client on the endpoints
        Verify the Solidcore client installation
        Enable the Solidcore client

2 Upgrading the software
    Upgrade the Solidcore extension
    Upgrade the Solidcore client
        Add the Solidcore client package to the repository
        Change the mode of the Solidcore clients
        Upgrade the Solidcore client on the endpoints
        Verify the Solidcore client upgrade
        Place the endpoints in Enabled mode

3 Uninstalling the software
    Remove the Solidcore client
    Remove the Solidcore extension
    Remove the Solidcore client package

4 FAQs

Index


Preface

This guide provides the information you need to install your McAfee product.

Contents

About this guide

Components

Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

Administrators — People who implement and enforce the company's security program.

Users — People who use the computer where the software is running and can access some or all of its features.

Conventions

This guide uses these typographical conventions and icons.

Book title, term, emphasis: Title of a book, chapter, or topic; a new term; emphasis.

Bold: Text that is strongly emphasized.

User input, code, message: Commands and other text that the user types; a code sample; a displayed message.

Interface text: Words from the product interface like options, menus, buttons, and dialog boxes.

Hypertext blue: A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing an option.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware product.


What's in this guide

This guide is organized to help you find the information you need.

This document provides information you need to install, upgrade, and uninstall the McAfee® Change Control and McAfee® Application Control software. This document is meant as a reference to use along with the Change Control, Application Control, and McAfee ePolicy Orchestrator interfaces.

Components

This section describes the components that need to be installed and running to use the Change Control and Application Control software.

The components are:

• McAfee ePO server and repository — Management tool that installs software and deploys policies on the managed endpoints. It also allows you to monitor client activity, create reports, and store and distribute content and software updates.

• McAfee Agent — Agent installed on a managed system that acts as the intermediary between the Solidcore client and McAfee ePO server. It sends data to the client from the McAfee ePO server and vice versa.

• Solidcore extension — Integrates with the McAfee ePO console and provides Change Control and Application Control features.

• Solidcore client — Software component that provides change monitoring, change prevention, and whitelisting features on the endpoints on which it is installed.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

  To access...          Do this...
  User documentation    1 Click Product Documentation.
                        2 Select a product, then select a version.
                        3 Select a product document.
  KnowledgeBase         • Click Search the KnowledgeBase for answers to your product questions.
                        • Click Browse the KnowledgeBase for articles listed by product and version.

1 Installing the software

This section describes how to install Change Control or Application Control in the McAfee ePO environment.

Contents

Review prerequisites

Install the Solidcore extension

Specify licenses

Install the Solidcore client

Review prerequisites

Before installing Change Control or Application Control, ensure that your environment conforms to these requirements.

• Ensure that the McAfee ePO server and database are installed and configured. For instructions, see the ePolicy Orchestrator Installation Guide and ePolicy Orchestrator Product Guide.

• Ensure that the McAfee Agent is installed on each endpoint on which you want to install Change Control or Application Control.

• Ensure successful installation of Change Control or Application Control on the Linux endpoints (when a pre-compiled build is unavailable) by making sure the endpoints conform to the following requirements. Starting with the 6.1.0 release, we have included the capability to compile kernel modules for targets. For compilation to occur successfully, a build environment is required on the endpoint. Note that any non-conformance to the listed build environment will result in build and installation failures.

  1 Ensure the following build and packaging tools are installed on the endpoint system.
    • gmake (provided by package make)
    • gcc (provided by package gcc)
    • ld (provided by package binutils)
    • ar (provided by package binutils)
    • rpmbuild (provided by package rpm-build on Red Hat and package rpm on SUSE)
    • cpio (provided by package cpio)

  2 Ensure the Kbuild framework is installed under /lib/modules/<kernelversion>/build/ (provided by package kernel-source on SUSE 10 and package kernel-devel on the rest of the distributions).

  3 Ensure the installed packages match the running kernel.

  4 We recommend that you ensure that the installed package versions are the same as the versions that are packaged with the distribution ISO.

• Download the Solidcore extension package from the McAfee Downloads site. The Solidcore extension file is typically named Solidcore_<version>.zip.

• Download the Solidcore client package from the McAfee Downloads site. The following table lists the available Solidcore client packages.

  Operating system      Package name
  Microsoft Windows     SOLIDCOR<version>-<build>_WIN.zip
  Linux                 SOLIDCOR<version>-<build>_LNX.zip
  AIX                   SOLIDCOR<version>-<build>_AIX.zip

  In the file name, <version> and <build> represent the version and build number associated with the product. For example, the SOLIDCOR610-211_WIN.zip file includes the Solidcore client (version 6.1.0 and build number 211) for the Windows platform.

• Ensure that the endpoints on which you need to install the Solidcore client are supported (see KB76459).

• Determine the database sizing requirements for your setup (see KB76580).

• Review the minimum system requirements for Change Control and Application Control (see KB76579).

• Review the list of kernels for the Linux operating system for which the pre-compiled binary files are included in the software (see KB76544).

  Starting with the 6.1.0 release, the installation workflow for the Linux operating system has changed. In the previous releases, product deployment support was limited due to the requirement of pre-compiled kernel modules specific to the underlying kernels. With the 6.1.0 release, we have:

  • Provided pre-compiled binary files for a set of kernels. Direct installation (without compilation) occurs on this set of kernels.

  • Included the capability to compile kernel modules for targets. If a pre-compiled binary file is unavailable for a kernel, installation is supported through compilation. If the needed build and packaging tools are present on the endpoint, the software compiles code and creates a new build suitable for the installed kernel.

• Review the release notes to acquaint yourself with the known issues and identify dependencies you need to consider.
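The Linux build prerequisites listed above can be checked on an endpoint before the Product Deployment task is run. The following script is an added example and is not part of the McAfee guide or product; the function names and the optional modules-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the Linux build environment the guide
# requires when no pre-compiled kernel module exists for the running kernel.
# Function names and the modules-root parameter are hypothetical.

# Build and packaging tools named in the prerequisites list.
REQUIRED_TOOLS="gmake gcc ld ar rpmbuild cpio"

# Print, one per line, each tool from the argument list that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            printf '%s\n' "$tool"
        fi
    done
}

# Return 0 if a Kbuild tree exists for kernel release $1 under modules root $2
# (default /lib/modules). The 'build' entry is normally a symlink into the
# kernel-devel or kernel-source tree; -d follows the link, so a dangling link
# (package removed, or installed for a different kernel) fails the check.
kbuild_present() {
    kernel=$1
    root=${2:-/lib/modules}
    build="$root/$kernel/build"
    [ -d "$build" ] && [ -f "$build/Makefile" ]
}

# Run both checks for kernel release $1 (default: the running kernel).
# Returns 0 only if every tool is present and the Kbuild tree matches.
check_build_env() {
    kernel=${1:-$(uname -r)}
    root=${2:-/lib/modules}
    rc=0
    # Word splitting of REQUIRED_TOOLS is intentional here.
    missing=$(missing_tools $REQUIRED_TOOLS)
    if [ -n "$missing" ]; then
        echo "missing build tools: $(echo $missing)" >&2
        rc=1
    fi
    if ! kbuild_present "$kernel" "$root"; then
        echo "no Kbuild tree at $root/$kernel/build for kernel $kernel" >&2
        rc=1
    fi
    return $rc
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_build_env
fi
```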

Install the Solidcore extension

The Solidcore extension installs on versions 4.5 and 4.6 of the McAfee ePO server. Use this task to install the Solidcore extension.

Task

1 Ensure that the extension file is stored at an accessible location.

2 Select Menu | Software | Extensions.
  The Extensions page appears.

3 Click Install Extension.

4 Browse and select the Solidcore_<VERSION>.zip file.

5 Click OK.

6 Verify the information on the Install Extension page, then click OK.

7 Verify that the Solidcore product name appears in the Extensions list.

Specify licenses

Licenses determine the product features available to you. You can enable one or all features at a time. Use this task to add licenses to enable the required features.

Task

1 Select Menu | Configuration | Server Settings.
  The Setting Categories page appears.

2 Select Solidcore and click Edit.
  The Edit Solidcore page appears.

3 Enter the license keys.
  Evaluation licenses are valid only for 30 days.

4 Click Save.

Install the Solidcore client

You can install and deploy the Solidcore client on Windows, Linux, and AIX platforms. For all supported platforms, the Solidcore client works well on both physical and virtual machines (VM).

Tasks

• Add the package to the McAfee ePO repository
  Use this task to add the Solidcore client package to the McAfee ePO repository.

• Install the Solidcore client on the endpoints
  Use this task to install the Solidcore client on the endpoints.

• Verify the Solidcore client installation
  Use this task to verify that the Solidcore client was installed successfully on an endpoint.

• Enable the Solidcore client
  Use this task to place the Solidcore client in Enabled mode.

Add the package to the McAfee ePO repository

Use this task to add the Solidcore client package to the McAfee ePO repository.

Task

1 Select Menu | Software | Master Repository.
  The Packages in the Master Repository page appears.

2 Select Actions | Check In Package.

3 Set the package type to Product or Update (.ZIP).

4 Browse and select the package zip file.

5 Click Next.
  The Package Options page appears.

6 Confirm the information.
  • Package Info: Verify the package details.
  • Branch: Select the desired branch. Set to Current for new products.
  • Options: Optionally, select the Move the existing package to the Previous branch option to move an existing package to the previous branch.
  • Package signing: Indicates if the package is signed by McAfee or is a third-party package.

7 Click Save to add the package.
  The new package appears in the Packages in Master Repository list.

Install the Solidcore client on the endpoints

Use this task to install the Solidcore client on the endpoints.

On the Linux platforms, if a pre-compiled binary file does not exist for a kernel, the software compiles the kernel module source code to create a build suitable for the kernel. Once this build is available, you can reuse it to install the software on all endpoints that use the same kernel. To do this:

1 Install the Solidcore client on one Linux endpoint (run the Product Deployment task on one endpoint). Ensure the endpoint has the needed build and packaging tools installed (for details, see the Review prerequisites section). When you run the task, the software creates the needed build and places it in the <install directory>/dks directory on the endpoint.

2 Copy the created build and place it in the /opt/solidcore directory of the other similar endpoints. Note that the /opt/solidcore directory does not exist by default and needs to be created manually. The naming convention followed for the builds is solidifier-kmod-<rel>-<build>.<distro>.<kernel>.<arch>.rpm.

3 Install the Solidcore client on the other Linux endpoints (run the Product Deployment task on the endpoints).
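Step 2 moves a kernel module package between hosts, so the copy is worth checking before it is placed where the installer will pick it up. The following script is an added example, not part of the McAfee guide or product: it assumes the SHA-256 of the build was recorded on the endpoint that compiled it, that file names use ASCII hyphens, and that the <arch> field is the last dot-separated field before .rpm; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stage a compiled Solidcore kernel-module build on another
# endpoint. Function names and the recorded-hash workflow are assumptions.

# Print the SHA-256 of file $1 as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print the <arch> field of a build named
# solidifier-kmod-<rel>-<build>.<distro>.<kernel>.<arch>.rpm
build_arch() {
    name=${1##*/}
    base=${name%.rpm}
    printf '%s\n' "${base##*.}"
}

# stage_build SRC EXPECTED_SHA256 [DEST_DIR] [ARCH]
# Copies SRC into DEST_DIR (default /opt/solidcore, which the guide says must
# be created manually) only if the name follows the convention, the <arch>
# field matches ARCH (default: uname -m; pass it explicitly where the rpm
# architecture label differs), and the hash matches the recorded value.
stage_build() {
    src=$1
    expected=$2
    dest=${3:-/opt/solidcore}
    want_arch=${4:-$(uname -m)}
    name=${src##*/}

    case "$name" in
        solidifier-kmod-*.rpm) ;;
        *) echo "refusing $name: not named like a solidifier-kmod build" >&2
           return 1 ;;
    esac

    got_arch=$(build_arch "$src")
    if [ "$got_arch" != "$want_arch" ]; then
        echo "refusing $name: built for $got_arch, expected $want_arch" >&2
        return 1
    fi

    actual=$(sha256_of "$src") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "refusing $name: SHA-256 differs from the recorded value" >&2
        return 1
    fi

    # Owner-writable only: when run as root, no other account can replace
    # the package between staging and installation.
    mkdir -p "$dest" || return 1
    chmod 755 "$dest" || return 1
    cp "$src" "$dest/$name" || return 1
    chmod 644 "$dest/$name"
}
```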

Task

1 Select Menu | Systems | System Tree.

2 Complete these steps for the McAfee ePO 4.6 console:
  a Perform one of these actions:
    • To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.
    • To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.
  b Click Actions | New Client Task Assignment.
    The Client Task Assignment Builder page appears.
  c Select the McAfee Agent product and Product Deployment task type, then click Create New Task.
  d Specify the task name and add any descriptive information.

3 Complete these steps for the McAfee ePO 4.5 console:
  a Perform one of these actions:
    • To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.
    • To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.
  b Click Actions | New Task.
    The Client Task Builder page appears.
  c Specify the task name and add any descriptive information.
  d Select Product Deployment.
  e Specify the endpoints to consider, then click Next.
    The Configuration page appears.

4 Select the target platform.
  For example, when installing the Solidcore client package on the Windows operating system, select Windows as the target platform.

5 Specify the component and action.
  a Select the appropriate package from the Products and components list.
  b Select the Install action.
  c Select the language of the package.
  d Specify the branch from which to add the package.

6 Click Save (McAfee ePO 4.6 only).

7 Click Next.
  The Schedule page appears.

8 Specify scheduling details, then click Next.

9 Review and verify the task details, then click Save.

10 Optionally, wake up the agent to send your client task to the endpoint immediately.

On all UNIX platforms, if you are using McAfee Agent 4.5 (earlier than patch 1), restart the McAfee Agent service after you install, uninstall, or upgrade the Solidcore client.

Verify the Solidcore client installation

Use this task to verify that the Solidcore client was installed successfully on an endpoint.

Task

1 Select Menu | Systems | System Tree.

2 Select a group or endpoint from the list.
  The Systems tab provides details for the selected node.

3 Review logs from the McAfee ePO console.
  a Select a system on the Systems page.
  b Select Actions | Agent | Show Agent Log to view the agent log for the endpoint.
    By default, agent logs are not enabled on the McAfee ePO console. For information on how to enable agent logs, see the ePolicy Orchestrator Product Guide.
  c Check the log to verify if the software was successfully installed at the endpoint.

4 Review the properties for the system.
  a Wake up the agent to fetch properties immediately.
    Typically, information is exchanged between the agent and server after the agent-to-server-communication interval (ASCI) lapses. Default ASCI value is 60 minutes. Send an agent wake-up call to ensure immediate communication and data exchange between the server and the agent, without waiting for the ASCI to expire.
  b Click a system on the Systems page.
    The details for the selected system are displayed.
  c Perform one of these actions:
    • On the McAfee ePO 4.6 console, click the Products tab and review the Solidcore version. Click the row to review additional information, including the product version and installation path.
    • On the McAfee ePO 4.5 console, scroll and review the Solidcore section. Confirm the product version and installation path.

Enable the Solidcore client

Use this task to place the Solidcore client in Enabled mode.

Task

1 Select Menu | Systems | System Tree.

2 Complete these steps from the McAfee ePO 4.6 console:
  a Perform one of these actions:
    • To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.
    • To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.
  b Click Actions | New Client Task Assignment.
    The Client Task Assignment Builder page appears.
  c Select the Solidcore 6.1.0 product and SC: Enable task type, then click Create New Task.
    The Client Task Catalog page appears.
  d Specify the task name and add any descriptive information.

3 Complete these steps from the McAfee ePO 4.5 console:
  a Perform one of these actions:
    • To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.
    • To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.
  b Click Actions | New Task.
    The Client Task Builder page appears.
  c Specify the task name and add any descriptive information.
  d Select SC: Enable (Solidcore 6.1.0), then click Next.
    The Configuration page appears.

4 Select the platform.

5 Select the subplatform (only for the Windows and Unix platforms).

6 Select the version (only for the All except NT/2000 subplatform).

7 Indicate whether to enable Change Control, Application Control, or both.

8 Complete the following steps to enable Change Control.

  Solidcore client version: 5.1.5 or earlier (Windows), 6.0.1 or earlier (UNIX)
  Steps: Select the Force Reboot with the task option to restart the endpoint.
    Restarting the system is necessary to enable the software.
    On the Windows platforms, a pop-up message is displayed at the the user to save work and data on the endpoint.
    On UNIX platforms, the endpoint is restarted as soon as the task is applied.

  Solidcore client version: 6.0.0 or later (Windows)
  Steps: No configuration is needed.

  Solidcore client version: 6.1.0 or later (UNIX)
  Steps: Deselect the Force Reboot with the task option.
    When using Solidcore client version 6.1.0 or later, restarting the system is not necessary to enable the software.

9 Complete the following steps to enable Application Control.

  Solidcore client version: 5.1.2 or earlier (UNIX), 5.1.5 or earlier (Windows)
  Steps:
    1 Select the Perform Initial Scan to create whitelist option to create the whitelist when enabling Application Control.
      Application Control requires the creation of a list of all trusted executable files present on the endpoint system (known as the whitelist). The one-time activity of creating the whitelist is known inventory while enabling the Solidcore client or defer to create it later.
      If you defer the scan, run the SC: Initial Scan to create whitelist client task after the SC: Enable task is applied and system is restarted.
    2 Select Force Reboot with the task to restart the endpoint after solidification is complete.
      Restarting the system is necessary to enable the software. A pop-up message is displayed at the endpoint 5 minutes before the endpoint is restarted. This allows the user to save work and data on the endpoint.

  Solidcore client version: 6.1.0 or later (UNIX)
  Steps: Deselect the Force Reboot with the task option.
    When using Solidcore client version 6.1.0 or later, restarting the system is not necessary to enable the software.

  Solidcore client version: 6.0.0 or later (Windows)
    Solidcore client version 6.1 is not available for the Windows NT, Windows 2000, HP-UX, Solaris, and WindRiver Linux platforms.
  Steps:
    1 Specify the scan priority.
      The set scan priority determines the priority of the thread that is run to create the whitelist on the endpoints. We recommend you set the scan priority to Low. This ensures that Application Control causes minimal performance impact on the endpoints but might take longer (than when you set the priority to High) to create the whitelist.
    2 Specify the activation option.
      • Limited Feature Activation: The endpoints are not restarted and limited features of Application Control (memory protection features are unavailable) are activated. Memory Protection features are available only after the endpoint is restarted.
      • Full Feature Activation: The endpoints are restarted, whitelist created, and all features of Application Control including Memory Protection are active. Restarting the endpoints is necessary to enable the memory protection features. The endpoint is restarted 5 minutes after the client task is received at the endpoint. A pop-up message is displayed on the endpoint before the endpoint is restarted.
    3 Select the Start Observe Mode option to place the endpoints in Observe mode.
      The Observation mode feature is available only on the Windows operating system.
    4 Optionally, select the Pull Inventory option.
      If you select this option, the software fetches the inventory details for the endpoints (after the whitelist is created) and makes the details available on the McAfee ePO console when the ASCI lapses. We recommend you select this option if you wish to manage the inventory using the McAfee ePO console.

10 Click Save (McAfee ePO 4.6 only).

11 Click Next.
   The Schedule page appears.

12 Specify scheduling details, then click Next.

13 Review and verify the task details, then click Save.

14 Optionally, wake up the agent to send your client task to the endpoint immediately.

15 Verify that the software is enabled.
   a Wake up the agent to fetch properties immediately.
   b Click a system on the Systems page.
     The details for the selected system are displayed.
   c Perform one of these actions:
     • On the McAfee ePO 4.6 console, select the Products tab and review the Solidcore version. Click the row to review the license status.
     • On the McAfee ePO 4.5 console, scroll and review the Solidcore section. Click More and review the license status.

2 Upgrading the software

This section describes how to upgrade Change Control or Application Control.

Contents

Upgrade the Solidcore extension

Upgrade the Solidcore client

Upgrade the Solidcore extension

Use this task to upgrade the Solidcore extension.

Task

1 Back up the relevant files before you upgrade the Solidcore extension.
  a Stop the McAfee ePO Event Parser service.
    1 Select Control Panel | Administrative Tools | Services.
    2 Right-click the McAfee ePolicy Orchestrator <version> Event Parser service and click Stop.
  b Back up the following:
    • McAfee ePO database
    • <McAfee ePO install dir>\Server\extensions\installed\Solidcore directory
    • <McAfee ePO install dir>\Server\conf\Catalina\localhost\SOLIDCORE_META.xml file

2 Ensure that the extension file is stored at an accessible location.

3 Select Menu | Software | Extensions.
  The Extensions page appears.

4 Click Install Extension.

5 Browse and select the Solidcore_<VERSION>.zip file.
  A warning message states that the existing extension will be replaced.

6 Click OK.

7 Verify the information on the Install Extension page, then click OK.


8 Verify that the Solidcore product name appears in the Extensions list.
  After you upgrade the Solidcore extension, the domain netbiosName for existing users imported directly from an Active Directory to rule groups and policies will not be populated. To ensure the domain netbiosName is available for such users, delete and reimport users from the Active Directory. After the upgrade, any users that you import from the Active Directory and add to new or existing rule groups and policies will automatically include the domain netbiosName.

9 Start the McAfee ePO Event Parser service.
  a Select Control Panel | Administrative Tools | Services.
  b Right-click the McAfee ePolicy Orchestrator <version> Event Parser service and click Start.

10 Verify that migration of data was successful.
   a Select Menu | Automation | Server Task Log.
   b Check if the Solidcore: Migration server task was completed.
     This server task completes upgrade-related activities.
   c If the migration fails, review the server task log, resolve any issues, and run the Solidcore: Migration server task manually to complete the migration.

   When you upgrade the Solidcore extension (from the 5.1.5 or earlier version), existing inventory and image deviation data is not migrated. After you upgrade, you must fetch inventory details, as needed. Also, during upgrade one of the following occurs for dashboards and reports:
   • If you did not edit a default dashboard or report, the upgrade operation overwrites the dashboard or report.
   • If you edited a default dashboard or report, the upgrade operation retains the edited dashboard or report and adds the corresponding new dashboard or report with a suffix.

11 Optionally, run the Rule Group Sanity Check server task from the McAfee ePO console to fix the inconsistencies in the rule groups.
   This server task reports and corrects (if possible) discrepancies and inconsistencies in the Solidcore rule groups and policies.
   a Select Menu | Automation | Server Tasks.
   b Click New Task.
     The Server Task Builder wizard opens.
   c Type the task name and click Next.
   d Select Solidcore: Rule Group Sanity Check from the Actions drop-down list.
   e Click Next.
   f Specify the schedule for the task.
   g Click Next.
     The Summary page appears.
   h Review the task summary and click Save.
   i Review the logs generated by the server task (on the Server Task Log page) to view the warnings, if any.


Upgrade the Solidcore client

You can upgrade the Solidcore client on Windows, Linux, and AIX platforms. For all supported platforms, the Solidcore client works well on both physical and virtual machines (VM).

For information on the supported operating systems, see KB76459.

If you cannot upgrade the Solidcore clients on your critical endpoints, the endpoints work well with the upgraded Solidcore extension. However, the new features available in the 6.1.0 version are not available on the endpoints until you upgrade the Solidcore client version.

Tasks

• Add the Solidcore client package to the repository
  Use this task to add the Solidcore client package to the McAfee ePO repository.

• Change the mode of the Solidcore clients
  Upgrade is supported in the Update, Disabled, or Observe (Windows only, on all except Windows NT and Windows 2000) mode. It is recommended that you perform the upgrade in Update mode.

• Upgrade the Solidcore client on the endpoints
  Use this task to upgrade the Solidcore client on the endpoints.

• Verify the Solidcore client upgrade
  Use this task to verify that the Solidcore client was upgraded successfully on an endpoint.

• Place the endpoints in Enabled mode
  After you upgrade the Solidcore client, you must place the endpoints in Enabled mode.

Add the Solidcore client package to the repository

Use this task to add the Solidcore client package to the McAfee ePO repository.

Task

1 Select Menu | Software | Master Repository.

The Packages in the Master Repository page appears.

2 Select Actions | Check In Package.

3 Set the package type to Product or Update (.ZIP).

4 Browse and select the package zip file.

5 Click Next.

The Package Options page appears.

6 Confirm the information.

• Package Info: Verify the package details.

• Branch: Select the desired branch. Set to Current for new products.

• Options: Optionally, select the Move the existing package to the Previous branch option to move an existing package to the previous branch.

• Package signing: Indicates if the package is signed by McAfee or is a third-party package.

7 Click Save to check in the package.

The new package appears in Packages in Master Repository list.

Change the mode of the Solidcore clients

Upgrade is supported in the Update, Disabled, or Observe (Windows only - on all except Windows NT and Windows 2000) mode. It is recommended that you perform the upgrade in Update mode.

Tasks

Place the endpoints in Update mode

Use this task to place the endpoints in Update mode.

Place the endpoints in Disabled mode

Use the Disabled mode only if your endpoint is currently in Disabled mode.

Place the endpoints in Observe mode

Use this task to place the endpoints in Observe mode.

Place the endpoints in Update mode

Use this task to place the endpoints in Update mode.

We recommend that you upgrade using the Update mode.

Task

1 Select Menu | Systems | System Tree.

2 Complete these steps for the McAfee ePO 4.6 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Client Task Assignment.

The Client Task Assignment Builder page appears.

c Select the Solidcore 6.1.0 product, SC: Begin Update Mode task type, and click Create New Task.

The Client Task Catalog page appears.

d Specify the task name and add any descriptive information.

3 Complete these steps for the McAfee ePO 4.5 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Task.

The Client Task Builder page appears.

c Specify the task name and add any descriptive information.

d Select SC: Begin Update Mode (Solidcore 6.1.0) and click Next.

The Configuration page appears.

4 Enter the Workflow ID and comments.

The workflow ID can be a meaningful description for the update window.

5 Click Save (McAfee ePO 4.6 only).

6 Click Next.

The Schedule page appears.

7 Specify scheduling details and click Next.

8 Review and verify the task details and click Save.

9 Optionally, wake up the agent to send your client task to the endpoint immediately.

Place the endpoints in Disabled mode

Use the Disabled mode only if your endpoint is currently in Disabled mode.

Use this task to place the endpoints in Disabled mode.

Task

1 Select Menu | Systems | System Tree.

2 Complete these steps for the McAfee ePO 4.6 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Client Task Assignment.

The Client Task Assignment Builder page appears.

c Select the Solidcore 6.1.0 product, SC: Disable task type, and click Create New Task.

The Client Task Catalog page appears.

d Specify the task name and add any descriptive information.

3 Complete these steps for the McAfee ePO 4.5 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Task.

The Client Task Builder page appears.

c Specify the task name and add any descriptive information.

d Select SC: Disable (Solidcore 6.1.0) and click Next.

The Configuration page appears.

4 Complete the following steps.

| License | Solidcore client version | Steps |
| --- | --- | --- |
| Application Control | 5.1.2 or earlier (UNIX and Windows); 6.0.0 and later (Windows) | Select Force Reboot with the task to restart the endpoints. |
| Application Control | 6.1.0 and later (UNIX) | Deselect the Force Reboot with the task option if you are temporarily disabling the client protection for maintenance or troubleshooting. The software is disabled as soon as the task is applied. If you are disabling the software prior to uninstallation, select the Force Reboot with the task option. |
| Change Control | 6.0.1 or earlier (UNIX); 6.0.0 and later (Windows) | Select Force Reboot with the task to restart the endpoints. |
| Change Control | 6.1.0 and later (UNIX) | Deselect the Force Reboot with the task option if you are temporarily disabling the client protection for maintenance or troubleshooting. The software is disabled as soon as the task is applied. If you are disabling the software prior to uninstallation, select the Force Reboot with the task option. |

5 Click Save (McAfee ePO 4.6 only).

6 Click Next.

The Schedule page appears.

7 Specify scheduling details and click Next.

8 Review and verify the task details and click Save.

9 Optionally, wake up the agent to send your client task to the endpoint immediately.

Place the endpoints in Observe mode

Use this task to place the endpoints in Observe mode.

Observe mode is available on all supported Windows platforms except Windows NT and Windows 2000. Note that Observe mode is not available on the UNIX platforms.

Task

1 Select Menu | Systems | System Tree.

2 Complete these steps for the McAfee ePO 4.6 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Client Task Assignment.

The Client Task Assignment Builder page displays.

c Select the Solidcore 6.1.0 product, SC: Observe Mode task type, and click Create New Task.

The Client Task Catalog page displays.

d Specify the task name and add any descriptive information.

3 Complete these steps for the McAfee ePO 4.5 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Task.

The Client Task Builder page displays.

c Specify the task name and add any descriptive information.

d Select SC: Observe Mode (Solidcore 6.1.0) and click Next.

The Configuration page displays.

4 Enter the Workflow ID and any comments.

The workflow ID provides a meaningful description for switching to Observe mode.

5 Click Save (McAfee ePO 4.6 only).

6 Click Next.

The Schedule page displays.

7 Specify scheduling details and click Next.

8 Review and verify the task details and click Save.

9 Optionally, wake up the agent to send your client task to the endpoint immediately.

Upgrade the Solidcore client on the endpoints

Use this task to upgrade the Solidcore client on the endpoints.

Task

1 Select Menu | Systems | System Tree.

2 Complete these steps for the McAfee ePO 4.6 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Client Task Assignment.

The Client Task Assignment Builder page appears.

c Select the McAfee Agent product, Product Deployment task type, and click Create New Task.

The Client Task Catalog page appears.

d Specify the task name and add any descriptive information.

3 Complete these steps for the McAfee ePO 4.5 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Task.

The Client Task Builder page appears.

c Specify the task name and add any descriptive information.

d Select Product Deployment.

e Specify the endpoints to consider and click Next.

The Configuration page appears.

4 Select the target platform.

For example, when installing the Solidcore client package on the Windows operating system, select Windows as the target platform.

5 Specify the component and action.

a Select the appropriate package from the Products and components list.

b Select the Install action.

c Select the language of the package.

d Set branch to Current for new packages.

6 Click Save (McAfee ePO 4.6 only).

7 Click Next.

The Schedule page appears.

8 Specify scheduling details and click Next.

9 Review and verify the task details and click Save.

10 Optionally, wake up the agent to send your client task to the endpoint immediately.

On all UNIX platforms, if you are using McAfee Agent 4.5 (earlier than patch 1), restart the McAfee Agent service after you install, uninstall, or upgrade the Solidcore agent.

Verify the Solidcore client upgrade

Use this task to verify that the Solidcore client was upgraded successfully on an endpoint.

Task

1 Select Menu | Systems | System Tree.

2 Select a group or endpoint from the list.

The Systems tab provides details for the selected node.

3 Review logs from the McAfee ePO console.

a Select a system on the Systems page.

b Select Actions | Agent | Show Agent Log to view the agent log for the endpoint.

By default, agent logs are not enabled on the McAfee ePO console. For information on how to enable agent logs, see the ePolicy Orchestrator Product Guide.

c Check the log to verify if the software was successfully upgraded at the endpoint.

4 Review the properties for the system.

a Wake up the agent to fetch properties immediately.

Typically, information is exchanged between the agent and server after the agent-to-server-communication interval (ASCI) lapses. The default ASCI value is 60 minutes.

Send an agent wake-up call to ensure immediate communication and data exchange between the server and the agent, without waiting for the ASCI to expire.

b Click a system on the Systems page.

The details for the selected system are displayed.

c Perform one of these actions:

• On the McAfee ePO 4.6 console, select the Products tab and review the Solidcore version. Click the row to review additional information, including the product version and installation path.

• On the McAfee ePO 4.5 console, scroll and review the Solidcore section. Confirm the product version and installation path.

Place the endpoints in Enabled mode

After you upgrade the Solidcore client, you must place the endpoints in Enabled mode.

Tasks

Exit the Update mode

If you upgraded in Update mode, exit the Update mode.

Enable the Solidcore client

If you upgraded in Disabled mode, enable the Solidcore client.

Exit the Observe mode

If you upgraded in Observe mode, exit the Observe mode.

Exit the Update mode

If you upgraded in Update mode, exit the Update mode.

Use this task to place the endpoints back in Enabled mode after you complete the required changes in the Update mode.

Task

1 Select Menu | Systems | System Tree.

2 Complete these steps for the McAfee ePO 4.6 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Client Task Assignment.

The Client Task Assignment Builder page appears.

c Select the Solidcore 6.1.0 product, SC: End Update Mode task type, and click Create New Task.

The Client Task Catalog page appears.

d Specify the task name and add any information.

3 Complete these steps for the McAfee ePO 4.5 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Task.

The Client Task Builder page appears.

c Specify the task name and add any descriptive information.

d Select SC: End Update Mode (Solidcore 6.1.0) and click Next.

The Configuration page states that no other configuration settings are required for the task.

4 Click Save (McAfee ePO 4.6 only).

5 Click Next.

The Schedule page appears.

6 Specify scheduling details and click Next.

7 Review and verify the task details and click Save.

8 Optionally, wake up the agent to send your client task to the endpoint immediately.

9 Restart the endpoints.

Enable the Solidcore client

If you upgraded in Disabled mode, enable the Solidcore client.

Use this task to place the Solidcore client in Enabled mode.

Task

1 Place the endpoints in Enabled mode.

For detailed information, see the Enable the Solidcore client section.

2 Restart the endpoints.

Exit the Observe mode

If you upgraded in Observe mode, exit the Observe mode.

Use this task to place the endpoints in Enabled mode after you complete the required changes in the Observe mode.

Task

1 Select Menu | Systems | System Tree.

2 Complete these steps for the McAfee ePO 4.6 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Client Task Assignment.

The Client Task Assignment Builder page displays.

c Select the Solidcore 6.1.0 product, SC: Observe Mode task type, and click Create New Task.

The Client Task Catalog page displays.

d Specify the task name and add any descriptive information.

3 Complete these steps for the McAfee ePO 4.5 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Task.

The Client Task Builder page displays.

c Specify the task name and add any descriptive information.

d Select SC: Observe Mode (Solidcore 6.1.0) and click Next.

The Configuration page displays.

4 Select End Observe Mode.

5 Select Enable Solidcore client to place the endpoint in Enabled mode.

6 Select Update changes made in Observe Mode to whitelist to update the inventory with the recent changes.

7 Click Save (McAfee ePO 4.6 only).

8 Click Next.

The Schedule page displays.

9 Specify scheduling details and click Next.

10 Review and verify the task details and click Save.

11 Optionally, wake up the agent to send your client task to the endpoint immediately.

12 Restart the endpoints.

3 Uninstalling the software

This section describes how to uninstall Change Control or Application Control.

Contents

Remove the Solidcore client

Remove the Solidcore extension

Remove the Solidcore client package

Remove the Solidcore client

Use this task to remove the Solidcore client.

Task

1 Place the endpoints in Disabled mode.

For detailed information, see the Place the endpoints in Disabled mode section.

2 Restart the endpoints.

3 Select Menu | Systems | System Tree.

4 Complete these steps for the McAfee ePO 4.6 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Client Task Assignment.

The Client Task Assignment Builder page appears.

c Select the McAfee Agent product, Product Deployment task type, and click Create New Task.

The Client Task Catalog page appears.

d Specify the task name and add any descriptive information.

5 Complete these steps for the McAfee ePO 4.5 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to the Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions | Agent | Modify Tasks on a Single System.

b Click Actions | New Task.

The Client Task Builder page appears.

c Specify the task name and add any descriptive information.

d Select Product Deployment.

e Specify the endpoints to consider and click Next.

The Configuration page appears.

6 Select the target platform.

7 Specify the component and action.

a Select the appropriate package from the Products and components list.

b Select the Remove action.

c Select the language of the package.

d Set branch to Current for new packages.

8 Click Save (McAfee ePO 4.6 only).

9 Click Next.

The Schedule page appears.

10 Specify scheduling details and click Next.

11 Review and verify the task details and click Save.

12 Optionally, wake up the agent to send your client task to the endpoint immediately.

13 Verify the Solidcore client removal.

a Wake up the agent to fetch properties immediately.

Typically, information is exchanged between the agent and server after the agent-to-server-communication interval (ASCI) lapses. Default ASCI value is 60 minutes. Send an agent wake-up call to ensure immediate communication and data exchange between the server and the agent, without waiting for the ASCI to expire.

b Click a system on the Systems page.

The details for the selected system are displayed.

c Perform one of these actions:

• On the McAfee ePO 4.6 console, click the Products tab and ensure Solidcore is not listed.

• On the McAfee ePO 4.5 console, scroll and ensure that the Solidcore section is not present.

Remove the Solidcore extension

Use this task to remove the Solidcore extension.

Task

1 Select Menu | Software | Extensions.

The Extensions page appears.

2 Select Solidcore from the Extensions list.

3 Click Remove.

When you remove the Solidcore extension, all the product-specific tables (SCOR tables) are removed from the database. However, all default and user-defined dashboards and reports are retained in the database. To remove all Solidcore dashboards and queries, perform the following steps:

a Remove the Solidcore dashboards.

1 Select Menu | Reporting | Dashboards.

The Dashboards page displays.

2 Perform one of these actions:

• From the McAfee ePO 4.6 console, review the items in the Dashboard list.

• From the McAfee ePO 4.5 console, select Options | Manage Dashboards to view the available dashboards.

3 Delete the following dashboards.

• Solidcore: Application Control

• Solidcore: Change Control

• Solidcore: Integrity Monitor

• Solidcore: Inventory

b Remove the Solidcore queries.

Note that when you remove queries, the Application Control and Change Control folders are deleted, including all the queries contained in the folders. If you wish to save a query, save the specific query in a different folder.

1 Select Menu | Reporting.

2 Perform one of these actions:

• From the McAfee ePO 4.6 console, select Queries & Reports.

• From the McAfee ePO 4.5 console, select Queries.

3 Expand the Shared Groups category and delete the following folders.

• Application Control

• Change Control

Remove the Solidcore client package

Use this task to remove the Solidcore client package.

Task

1 Select Menu | Software | Master Repository.

The Packages in Master Repository page appears.

2 Select Delete for a package.

4 FAQs

This section answers frequently asked questions about this product.

Can the same Solidcore client be used for Change Control and Application Control?

The license key determines the features available for use; any or all features can be used at a time. At any time, you can add and enable a new stock-keeping unit (SKU) on an endpoint on which the Solidcore client is enabled. For example, if you are currently using Change Control and wish to add and use Application Control, complete these steps.

1 Disable the Solidcore client on the endpoint.

For more information, see the Place the endpoints in Disabled mode section.

2 Enter the license.

For more information, see the Specify licenses section.

3 Enable the Solidcore client on the endpoint.

For more information, see the Enable the Solidcore client section.

Can the Solidcore client be deployed on a Virtual Machine?

The Solidcore client works on a Virtual Machine if the operating system installed on the Virtual Machine is supported by the Solidcore client. For a list of the supported platforms, see KB76459.
