McAfee Application and Change Control

Upgrade

McAfee defines an upgrade as a deployment where a version of McAfee Application and Change Control already exists on the endpoint. Review the supported environments documentation to ensure that the environment is compatible before deployment.

• Supported platforms, environments, and operating systems for McAfee Application and Change Control

Review the guides below for information about how to install McAfee Application and Change Control and for additional details regarding system requirements.

Windows

• McAfee Application Control 8.3.0
  • Upgrade the software in a managed environment
  • Upgrade the software in a standalone environment

Linux

• McAfee Application and Change Control 6.4.0
  • Upgrade installation workflow
  • Review the log file
    • If the upgrade is successful, the solidcoreS3_install_<rel><build>.log file is created in the /var /log/mcafee/solidcore directory.
    • If the upgrade fails, the solidcoreS3_install.log file is present in the /tmp directory. For error details, review the most-recent bitrock_installer.log or bitrock_installer_.log file in the /tmp directory.

If you have an issue during installation, see the following documentation:

• Windows cannot open this program because it has been prevented by a software restriction policy (installation or upgrade of McAfee Application and Change Control fails)
• Review the installation log files as specified above

Configuration & Best Practices

The default settings typically require additional configuration and tuning for most environments. To get acquainted with the software, review the documentation below:

• McAfee Application Control FAQ
• Supported environments for McAfee Application and Change Control
• REGISTERED — Support for legacy Windows platforms with McAfee Application and Change Control

Best practices guides

These guides cover installing in cloned or imaged environments, deployment strategy, guidelines for default policies, recommendations for fetching inventory, and managing applications.

• McAfee Application and Change Control 8.3
• McAfee Application and Change Control 8.0
• McAfee Application and Change Control 7.0
• McAfee Application and Change Control 6.2

Command line guides

• McAfee Application Control 8.2 Windows CLI Interface Guide
• McAfee Change Control 8.2 Windows CLI Interface Guide
• McAfee Application Control 8.0 Windows CLI Interface Guide
• McAfee Change Control 8.0 Windows CLI Interface Guide
• McAfee Application Control 7.0 Windows CLI Interface Guide
• McAfee Change Control 7.0 Windows CLI Interface Guide
• McAfee Application Control 6.2 Windows CLI Interface Guide
• McAfee Change Control 6.2 Windows CLI Interface Guide

If you want to go from standalone to managed with McAfee Application Control:

• How to manage a standalone deployed McAfee Application Control Windows installation with McAfee ePO
• How to manage a standalone deployed McAfee Application Control/Change Control Linux/Unix Install with McAfee ePO

If you are running McAfee Host Intrusion Prevention, McAfee Endpoint Security, or McAfee VirusScan Enterprise with McAfee Application Control, here are some recommendations:

• Exclusions for McAfee Application and Change Control to improve post-install performance
• McAfee Application and Change Control memory protection should be disabled with Host Intrusion Prevention and or Endpoint Security installed
• McAfee Application and Change Control prevents installation of Endpoint Security
• Endpoint Security Web Control Extension is disabled after installing Web Control on a system with McAfee Application and Change Control 8.1.0.118.1

The memory protection that is provided via McAfee Host Intrusion Prevention, McAfee Endpoint Security, and McAfee VirusScan Enterprise is superior to what your installed version of McAfee Application Control provides, so there is no security risk in doing this.

We recommend that McAfee Application Control memory protection features be disabled on all machines that have memory protection technology from another McAfee product. You can safely use McAfee Application Control memory protection on all machines that do not have another product installed that includes memory protection technology.

Please see McAfee Application Control 8.2.0 Release notes for more information on configurable memory protection and SAU in McAfee ePO.

Additional Resources

• McAfee Application Control corrupt inventory fallback process
• Processing overview for the McAfee Application Control Pull Inventory client task
• How Updaters work with McAfee Application Control and McAfee Change Control
• McAfee Application Control checks for reputation-based execution and final reputation
• Differences between "Observation mode" and "Update mode" in McAfee Application Control

Managing McAfee Application and Change Control

To disable McAfee Application and Change Control, you need access to one of the following:

• The McAfee ePO server with the appropriate permissions
  • Utilize the McAfee Application and Change Control client tasks (SC: Disable, SC: Observe Mode)
• Local administrator command line access
  • Administrative Windows command line access to the host with knowledge of the McAfee Application Control CLI password
• How to disable McAfee Application and Change Control in safemode

Any of the above requires a reboot to disable McAfee Application Control and not have the drivers loaded. With current versions of McAfee Application and Change Control, it is not possible to disable the product without rebooting.

Note: Uninstalling the product, requires it to be in Disable mode first.

Learn how to enable McAfee Application and Change Control protection in Windows Safe Mode.

Refer to the following documentation about policy optimization. All require logging in to ServicePortal.

• Performance and stability improvements for multiple products now available
• Performance and stability improvements for multiple products includes support for the Windows 10 release in April 2018
• McAfee Application and Change Control 8.x consumes a higher amount of resources than the previously released versions resulting in performance issues
• Performance issues on McAfee Application Control endpoints when Global Threat Intelligence and Threat Intelligence Exchange communication fails
• Performance issues occur after installation of the extension
• McAfee Application Control 6.x observations generate in large numbers causing McAfee ePO performance and database size issues

Root Certificate Expiration

The McAfee product line uses TLS for secure communication. Two certificates validate McAfee TLS chains, including a primary expiring in 2038 and a secondary expiring on May 30, 2020. If either certificate, or both, are present in your environment, TLS will function correctly prior to May 30, 2020. After May 30, 2020, only the primary certificate will be valid. Out of an abundance of caution McAfee is informing customers of this impending event.

Generally, certificates are auto-updated through operation systems and customers will not be impacted. However, in environments where automatic management of root certificates is disabled and the primary certificate has not been manually deployed, customers will potentially be impacted. KB92937 provides information on how to verify and install the primary certificate.

Failure to have a valid certificate will cause product issues including reduced detection efficacy.

The primary certificate that needs to be validated is in a customer's environment as below:

Subject : CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
Thumbprint : 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Expiration : 2038-01-18

Subscribe to KB92937 to receive updates.