Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Application whitelisting review: McAfee Application Control

McAfee's whitelisting protection for Windows, Linux, and Solaris is short on shortcomings
Page:

McAfee Application Control 5.0 (due out Dec. 15) is the result of McAfee's acquisition of Solidcore and the integration of Solidcore S3 Control with McAfee ePolicy Orchestrator (ePO). McAfee Application Control rivals SignaCert for the broadest client support among all the products in InfoWorld's review. It also boasts write protection and ownership protection of whitelisted files, good reporting and alerting, and no significant cons.

McAfee Application Control can enforce whitelisting policies on Windows NT 4 through Windows Server 2008 (Windows 7 support is forthcoming), Suse Linux 9 and 10, Oracle Enterprise Linux, Red Hat Linux 3 through 5 (and CentOS), and Solaris 8 through 10. Its precursor, Solidcore S3 Control, is in use on thousands of client nodes and is deployed on more than 250,000 ATMs.

McAfee Application Control's management console is a dashboard component of McAfee ePO 4.5 (screen image). Administrators connect via a secure browser session, where they can manage Application Control and any other McAfee security solutions they have deployed.

Protected PCs are considered "Solidified," a term that harkens back to the product's Solidcore days. The client interface is minimal, consisting of command-line instructions and parameters. Clicking an icon on the client desktop, called the McAfee Solidifier Command Line (screen image), gives access to all the Solidifier console commands, which allows a user to control everything an administrator could from within the ePO management console. Of course, ePO configurations can prevent local commands from working.

What McAfee Application Control may lack in client interface it makes up for in overall functionality. It can allow or deny program executions by file name, SHA-1 hash, path rules, and digital certificates. McAfee's solution is one of only two products in this review (the other is Lumension) to allow or deny individual scripts or files of any type, although configuring these policies takes extra steps in McAfee.

(SignaCert can monitor individual scripts, or any file type, but cannot block executions.) An administrator must first create a rule about the script interpreter or originating process, but then can allow or prevent individual scripts and files. For example, to prevent individual Perl scripts, the administrator would have to create a rule regarding Perl.exe, but then can allow or deny individual Perl scripts. Similarly, 16-bit applications can be controlled by first creating a rule about Ntdvm.exe, and then marking the individual 16-bit applications.

Whitelisting rules can be created by defining trusted binaries, users, publishers, and directories. Trusted directories can include excluded subfolders so that not every location and file under a trusted parent folder is automatically trusted by default.

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Linux, Lumension, McAfee, Microsoft, Oracle, Red Hat
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: application whitelisting, mcafee, security
Latest Blog Posts
Whitepapers
  • Restore control, Reinforce security & Reduce Cost
    Uncontrolled print environments and practices present a serious risk to the profit and security of your organisation. IT is under pressure to protect sensitive information, secure devices, and improve the way they manage the entire fleet. To gain better control, your organisation needs to implement plans that meet industry regulations while also increasing productivity, lowering costs, and providing users with more flexible imaging and printing solutions. Read more.
    Learn more »
  • The Need for DLP (data leak prevention) now
    When it comes to the terabytes of confidential and proprietary data on corporate networks, companies often use kid gloves to secure the data. This begs the question, why are office supplies subject to a higher level of security than the data? Many organisations are turning to a DLP solution to help them in gaining control over their seemingly uncontrolled data stores.
    Learn more »
  • Seven SOA Practices to Unlock Business Value
    The fact is that companies are increasingly using SOA to gain competitive business advantage. Distilled down to seven essential SOA practices, the following list enables IT professionals to tightly align SOA investments with their organization’s business priorities. Using these practices can help with driving competitive advantage and adding measurable business value...and that’s a sure way for IT pros to win recognition and ongoing support within their companies.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments