Application Control 6.1.0 McAfee Change Control and … Click Install Extension. 4 Browse and select the Solidcore_.zip file. 5 Click OK. 6 Verify the information on

Installation Guide

McAfee Change Control and McAfeeApplication Control 6.1.0For use with ePolicy Orchestrator 4.5.0–4.6.0

COPYRIGHTCopyright © 2012 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States andother countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee Change Control and McAfee Application Control 6.1.0 Installation Guide

Contents

Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5What's in this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Installing the software 7Review prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Install the Solidcore extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Specify licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Install the Solidcore client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Add the package to the McAfee ePO repository . . . . . . . . . . . . . . . . . . . 9Install the Solidcore client on the endpoints . . . . . . . . . . . . . . . . . . . . 10Verify the Solidcore client installation . . . . . . . . . . . . . . . . . . . . . . . 11Enable the Solidcore client . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2 Upgrading the software 17Upgrade the Solidcore extension . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Upgrade the Solidcore client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Add the Solidcore client package to the repository . . . . . . . . . . . . . . . . . 19Change the mode of the Solidcore clients . . . . . . . . . . . . . . . . . . . . . 20Upgrade the Solidcore client on the endpoints . . . . . . . . . . . . . . . . . . . 23Verify the Solidcore client upgrade . . . . . . . . . . . . . . . . . . . . . . . . 24Place the endpoints in Enabled mode . . . . . . . . . . . . . . . . . . . . . . 25

3 Uninstalling the software 29Remove the Solidcore client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Remove the Solidcore extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Remove the Solidcore client package . . . . . . . . . . . . . . . . . . . . . . . . . . 31

4 FAQs 33

Index 35

McAfee Change Control and McAfee Application Control 6.1.0 Installation Guide 3

Contents


Preface

This guide provides the information you need to install your McAfee product.

Contents About this guide Components Find product documentation

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

• Users — People who use the computer where the software is running and can access some or all ofits features.

ConventionsThis guide uses these typographical conventions and icons.

Book title, term,emphasis

Title of a book, chapter, or topic; a new term; emphasis.

Bold Text that is strongly emphasized.

User input, code,message

Commands and other text that the user types; a code sample; a displayedmessage.

Interface text Words from the product interface like options, menus, buttons, and dialogboxes.

Hypertext blue A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing anoption.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardwareproduct.


What's in this guide This guide is organized to help you find the information you need.

This document provides information you need to install, upgrade, and uninstall the McAfee® ChangeControl and McAfee® Application Control software. This document is meant as a reference to use alongwith the Change Control, Application Control, and McAfee ePolicy Orchestrator interfaces.

ComponentsThis section describes the components that need to be installed and running to use the ChangeControl and Application Control software.

The components are:

• McAfee ePO server and repository — Management tool that installs software and deploys policies onthe managed endpoints. It also allows you to monitor client activity, create reports, and store anddistribute content and software updates.

• McAfee Agent — Agent installed on a managed system that acts as the intermediary between theSolidcore client and McAfee ePO server. It sends data to the client from the McAfee ePO server andvice versa.

• Solidcore extension — Integrates with the McAfee ePO console and provides Change Control andApplication Control features.

• Solidcore client — Software component that provides change monitoring, change prevention, andwhitelisting features on the endpoints on which it is installed.

Find product documentationMcAfee provides the information you need during each phase of product implementation, frominstallation to daily use and troubleshooting. After a product is released, information about the productis entered into the McAfee online KnowledgeBase.

Task1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

To access... Do this...

User documentation 1 Click Product Documentation.

2 Select a product, then select a version.

3 Select a product document.

KnowledgeBase • Click Search the KnowledgeBase for answers to your product questions.

• Click Browse the KnowledgeBase for articles listed by product and version.

PrefaceComponents


http://mysupport.mcafee.com

1 Installing the software

This section describes how to install Change Control or Application Control in the McAfee ePOenvironment.

Contents Review prerequisites Install the Solidcore extension Specify licenses Install the Solidcore client

Review prerequisitesBefore installing Change Control or Application Control, ensure that your environment conforms tothese requirements.

• Ensure that the McAfee ePO server and database are installed and configured. For instructions, seethe ePolicy Orchestrator Installation Guide and ePolicy Orchestrator Product Guide.

• Ensure that the McAfee Agent is installed on each endpoint on which you want to install ChangeControl or Application Control.

• Ensure successful installation of Change Control or Application Control on the Linux endpoints(when a pre‑compiled build is unavailable) by making sure the endpoints conform to the followingrequirements. Starting with the 6.1.0 release, we have included capability to compile kernelmodules for targets. For compilation to occur successfully, a build environment is required on theendpoint. Note that any non‑conformance to the listed build environment will result in build andinstallation failures.

1 Ensure the following build and packaging tools are installed on the endpoint system.

• gmake (provided by package make)

• gcc (provided by package gcc)

• ld (provided by package binutils)

• ar (provided by package binutils)

• rpmbuild (provided by package rpm‑build on Red Hat and package rpm on SUSE)

• cpio (provided by package cpio)

2 Ensure the Kbuild framework is installed under /lib/modules/<kernelversion>/build/(provided by package kernel‑source on SUSE 10 and package kernel‑devel on rest of thedistributions).

1


3 Ensure the installed packages match the running kernel.

4 We recommend that you ensure that the installed package versions are the same as theversions that are packaged with the distribution ISO.

• Download the Solidcore extension package from the McAfee Downloads site. The Solidcoreextension file is typically named Solidcore_<version>.zip.

• Download the Solidcore client package from the McAfee Downloads site. The following table liststhe available Solidcore client packages.

Operating system Package name

Microsoft Windows SOLIDCOR<version>‑<build>_WIN.zip

Linux SOLIDCOR<version>‑<build>_LNX.zip

AIX SOLIDCOR<version>‑<build>_AIX.zip

In the file name, <version> and <build> represent the version and build number associated with theproduct. For example, the SOLIDCOR610‑211_WIN.zip file includes the Solidcore client (version6.1.0 and build number 211) for the Windows platform.

• Ensure that the endpoints on which you need to install the Solidcore client are supported (seeKB76459).

• Determine the database sizing requirements for your setup (see KB76580).

• Review the minimum system requirements for Change Control and Application Control (seeKB76579).

• Review the list of kernels for the Linux operating system for which the pre‑compiled binary files areincluded in the software (see KB76544).

Starting with the 6.1.0 release, the installation workflow for the Linux operating system haschanged. In the previous releases, product deployment support was limited due to requirement ofpre‑compiled kernel modules specific to the underlying kernels. With the 6.1.0 release, we have:

• Provided pre‑compiled binary files for a set of kernels and direct installation will occur(without compilation) on these set of kernels.

• Included capability to compile kernel modules for targets. If a pre‑compiled binary fileis unavailable for a kernel, installation is supported through compilation. If the neededbuild and packaging tools are present on the endpoint, the software compiles codeand creates a new build suitable for the installed kernel.

• Review the release notes to acquaint yourself with the known issues and identify dependencies youneed to consider.

Install the Solidcore extensionThe Solidcore extension installs on versions 4.5 and 4.6 of the McAfee ePO server. Use this task toinstall the Solidcore extension.

Task

1 Ensure that the extension file is stored at an accessible location.

2 Select Menu | Software | Extensions.

The Extensions page appears.

1 Installing the softwareInstall the Solidcore extension


https://kc.mcafee.com/corporate/index?page=content&id=KB76459




3 Click Install Extension.

4 Browse and select the Solidcore_<VERSION>.zip file.

5 Click OK.

6 Verify the information on the Install Extension page, then click OK.

7 Verify that the Solidcore product name appears in the Extensions list.

Specify licensesLicenses determine the product features available to you. At a time, you can enable one or allfeatures. Use this task to add licenses to enable the required features.

Task

1 Select Menu | Configuration | Server Settings.

The Setting Categories page appears.

2 Select Solidcore and click Edit.

The Edit Solidcore page appears.

3 Enter the license keys.

Evaluation licenses are valid only for 30 days.

4 Click Save.

Install the Solidcore clientYou can install and deploy the Solidcore client on Windows, Linux, and AIX platforms. For all supportedplatforms, the Solidcore client works well on both physical and virtual machines (VM).

Tasks• Add the package to the McAfee ePO repository on page 9

Use this task to add the Solidcore client package to the McAfee ePO repository.

• Install the Solidcore client on the endpoints on page 10Use this task to install the Solidcore client on the endpoints.

• Verify the Solidcore client installation on page 11Use this task to verify that the Solidcore client was installed successfully on an endpoint.

• Enable the Solidcore client on page 12Use this task to place the Solidcore client in Enabled mode.

Add the package to the McAfee ePO repositoryUse this task to add the Solidcore client package to the McAfee ePO repository.

Task

1 Select Menu | Software | Master Repository.

The Packages in the Master Repository page appears.

2 Select Actions | Check In Package.

Installing the softwareSpecify licenses 1


3 Set the package type to Product or Update (.ZIP).

4 Browse and select the package zip file.

5 Click Next.

The Package Options page appears.

6 Confirm the information.

• Package Info: Verify the package details.

• Branch: Select the desired branch. Set to Current for new products.

• Options: Optionally, select the Move the existing package to the Previous branch option to move an existingpackage to the previous branch.

• Package signing: Indicates if the package is signed by McAfee or is a third‑party package.

7 Click Save to add the package.

The new package appears in Packages in Master Repository list.

Install the Solidcore client on the endpointsUse this task to install the Solidcore client on the endpoints.

On the Linux platforms, if a pre‑compiled binary file does not exist for a kernel, the software compilesthe kernel module source code to create a build suitable for the kernel. Once this build is available, youcan reuse this build to install the software on all endpoints that use the same kernel. To do this:

1 Install the Solidcore client on one Linux endpoint (run the Product Deployment task onone endpoint). Ensure the endpoint has the needed build and packaging tools installed(for details see the Review prerequisites section). When you the run the task, thesoftware will create the needed build and place it in the <install directory>/dksdirectory on the endpoint.

2 Copy the created build and place it in the /opt/solidcore directory of the other similarendpoints. Note that the /opt/solidcore directory does not exist by default and needsto be created manually. Also, the naming convention followed for the builds issolidifier‑kmod‑<rel>‑<build>.<distro>.<kernel>.<arch>.rpm.

3 Install the Solidcore client on the other Linux endpoints (run the Product Deploymenttask on the endpoints).

Task1 Select Menu | Systems | System Tree.

2 Complete these steps for the McAfee ePO 4.6 console:

a Perform one of these actions:

• To apply the client task to a group, select a group in the System Tree and switch to theAssigned Client Tasks tab.

• To apply the client task to an endpoint, select the endpoint on the Systems page and clickActions | Agent | Modify Tasks on a Single System.

b Click Actions | New Client Task Assignment.

The Client Task Assignment Builder page appears.

1 Installing the softwareInstall the Solidcore client


c Select the McAfee Agent product and Product Deployment task type, then click Create New Task.

d Specify the task name and add any descriptive information.



• To apply the client task to a group, select a group in the System Tree and switch to the ClientTasks tab.


b Click Actions | New Task.

The Client Task Builder page appears.

c Specify the task name and add any descriptive information.

d Select Product Deployment.

e Specify the endpoints to consider, then click Next.

The Configuration page appears.

4 Select the target platform.

For example, when installing the Solidcore client package on the Windows operating system, selectWindows as the target platform.

5 Specify the component and action.

a Select the appropriate package from the Products and components list.

b Select the Install action.

c Select the language of the package.

d Specify the branch from which to add the package.

6 Click Save (McAfee ePO 4.6 only).

7 Click Next.

The Schedule page appears.

8 Specify scheduling details then click Next.

9 Review and verify the task details, then click Save.

10 Optionally, wake up the agent to send your client task to the endpoint immediately.

On all UNIX platforms, if you are using McAfee Agent 4.5 (earlier than patch 1), restart the McAfeeAgent service after you install, uninstall, or upgrade the Solidcore client.

Verify the Solidcore client installationUse this task to verify that the Solidcore client was installed successfully on an endpoint.


2 Select a group or endpoint from the list.

The Systems tab provides details for the selected node.

Installing the softwareInstall the Solidcore client 1


3 Review logs from the McAfee ePO console.

a Select a system on the Systems page.

b Select Actions | Agent | Show Agent Log to view the agent log for the endpoint.

By default, agent logs are not enabled on the McAfee ePO console. For information on how toenable agent logs, see the ePolicy Orchestrator Product Guide.

c Check the log to verify if the software was successfully installed at the endpoint.

4 Review the properties for the system.

a Wake up the agent to fetch properties immediately.

Typically, information is exchanged between the agent and server after theagent‑to‑server‑communication interval (ASCI) lapses. Default ASCI value is 60 minutes. Sendan agent wake‑up call to ensure immediate communication and data exchange between theserver and the agent, without waiting for the ASCI to expire.

b Click a system on the Systems page.

The details for the selected system are displayed.

c Perform one of these actions:

• On the McAfee ePO 4.6 console, click the Products tab and review the Solidcore version. Clickthe row to review additional information, including the product version and installation path.

• On the McAfee ePO 4.5 console, scroll and review the Solidcore section. Confirm the productversion and installation path.

Enable the Solidcore clientUse this task to place the Solidcore client in Enabled mode.


2 Complete these steps from the McAfee ePO 4.6 console:






c Select the Solidcore 6.1.0 product and SC: Enable task type, then click Create New Task.

The Client Task Catalog page appears.




3 Complete these steps from the McAfee ePO 4.5 console:







d Select SC: Enable (Solidcore 6.1.0), then click Next.


4 Select the platform.

5 Select the subplatform (only for the Windows and Unix platforms).

6 Select the version (only for the All except NT/2000 subplatform).

7 Indicate whether to enable Change Control, Application Control, or both.

8 Complete the following steps to enable Change Control.

Solidcore client version Steps

On Solidcore client version:• 5.1.5 or earlier (Windows)

• 6.0.1 or earlier (UNIX)

Select the Force Reboot with the task option to restart the endpoint.Restarting the system is necessary to enable the software.

On the Windows platforms, a pop‑up message is displayed at theendpoint 5 minutes before the endpoint is restarted. This allowsthe user to save work and data on the endpoint.

On UNIX platforms, the endpoint is restarted as soon as the taskis applied.

On Solidcore client version6.0.0 or later (Windows)

No configuration is needed.

On Solidcore client version6.1.0 or later (UNIX)

Deselect the Force Reboot with the task option.When using Solidcore client version 6.1.0 or later, restarting thesystem is not necessary to enable the software.

9 Complete the following steps to enable Application Control.




On Solidcore clientversion:• 5.1.2 or earlier (UNIX)

• 5.1.5 or earlier(Windows)

1 Select the Perform Initial Scan to create whitelist option to create thewhitelist when enabling Application Control.Application Control requires the creation of a list of all trustedexecutable files present on the endpoint system (known as thewhitelist). The one‑time activity of creating the whitelist is knownas whitelisting or solidification. You can choose to create theinventory while enabling the Solidcore client or defer to create itlater.

If you defer the scan, run the SC: Initial Scan to create whitelist clienttask after the SC: Enable task is applied and system is restarted.

2 Select Force Reboot with the task to restart the endpoint aftersolidification is complete.Restarting the system is necessary to enable the software. Apop‑up message is displayed at the endpoint 5 minutes before theendpoint is restarted. This allows the user to save work and dataon the endpoint.

On Solidcore client version6.1.0 or later (UNIX)

Deselect the Force Reboot with the task option.When using Solidcore client version 6.1.0 or later, restarting thesystem is not necessary to enable the software.

On Solidcore client version6.0.0 or later (Windows)

Solidcore clientversion 6.1 is notavailable for theWindows NT,Windows 2000,HP‑UX, Solaris, andWindRiver Linuxplatforms.

1. Specify the scan priority.

The set scan priority determines the priority of the thread that is runto create the whitelist on the endpoints. We recommend you set thescan priority to Low. This ensures that Application Control causesminimal performance impact on the endpoints but might take longer(than when you set the priority to High) to create the whitelist.

2. Specify the activation option.

Limited Feature Activation The endpoints are not restarted andlimited features of Application Control(memory protection features areunavailable) are activated. MemoryProtection features are available onlyafter the endpoint is restarted.




Full Feature Activation The endpoints are restarted, whitelistcreated, and all features of ApplicationControl including Memory Protection areactive. Restarting the endpoints isnecessary to enable the memoryprotection features. The endpoint isrestarted 5 minutes after the client task isreceived at the endpoint. A pop‑upmessage is displayed on the endpointbefore the endpoint is restarted.

3. Select the Start Observe Mode option to place the endpoints inObserve mode.

The Observation mode feature is available only on the Windowsoperating system.

4. Optionally, select the Pull Inventory option.

If you select this option, the software fetches the inventory details forthe endpoints (after the whitelist is created) and makes the detailsavailable on the McAfee ePO console when the ASCI lapses. Werecommend you select this option if you wish to manage theinventory using the McAfee ePO console.


11 Click Next.


12 Specify scheduling details, then click Next.

13 Review and verify the task details, then click Save.


15 Verify that the software is enabled.





• On the McAfee ePO 4.6 console, select the Products tab and review the Solidcore version. Clickthe row to review the license status.

• On the McAfee ePO 4.5 console, scroll and review the Solidcore section. Click More and reviewthe license status.





2 Upgrading the software

This section describes how to upgrade Change Control or Application Control.

Contents Upgrade the Solidcore extension Upgrade the Solidcore client

Upgrade the Solidcore extensionUse this task to upgrade the Solidcore extension.

Task1 Back up the relevant files before you upgrade the Solidcore extension.

a Stop the McAfee ePO Event Parser service.

1 Select Control Panel | Administrative Tools | Services.

2 Right‑click the McAfee ePolicy Orchestrator <version> Event Parser service and click Stop.

b Back up the following:

• McAfee ePO database

• <McAfee ePO install dir>\Server\extensions\installed\Solidcore directory

• <McAfee ePO install dir>\Server\conf\Catalina\localhost\SOLIDCORE_META.xml file

2 Ensure that the extension file is stored at an accessible location.

3 Select Menu | Software | Extensions.


4 Click Install Extension.

5 Browse and select the Solidcore_<VERSION>.zip file.

A warning message states that the existing extension will be replaced.

6 Click OK.

7 Verify the information on the Install Extension page, then click OK.

2


8 Verify that the Solidcore product name appears in the Extensions list.

After you upgrade the Solidcore extension, the domain netbiosName for existing users importeddirectly from an Active Directory to rule groups and policies will not be populated. To ensure thedomain netbiosName is available for such users, delete and reimport users from the ActiveDirectory. After the upgrade, any users that you import from the Active Directory and add to new orexisting rule groups and policies will automatically include the domain netbiosName.

9 Start the McAfee ePO Event Parser service.

a Select Control Panel | Administrative Tools | Services.

b Right‑click the McAfee ePolicy Orchestrator <version> Event Parser service and click Start.

10 Verify that migration of data was successful.

a Select Menu | Automation | Server Task Log.

b Check if the Solidcore: Migration server task was completed.

This server task completes upgrade‑related activities.

c If the migration fails, review the server task log, resolve any issues, and run the Solidcore:Migration server task manually to complete the migration.

When you upgrade the Solidcore extension (from the 5.1.5 or earlier version), existing inventoryand image deviation data is not migrated. After you upgrade, you must fetch inventory details, asneeded. Also, during upgrade one of the following occurs for dashboards and reports:

• If you did not edit a default dashboard or report, the upgrade operation overwritesthe dashboard or report.

• If you edited a default dashboard or report, the upgrade operation retains the editeddashboard or report and adds the corresponding new dashboard or report with asuffix.

11 Optionally, run the Rule Group Sanity Check server task from the McAfee ePO console to fix theinconsistencies in the rule groups.

This server task reports and corrects (if possible) discrepancies and inconsistencies in the Solidcorerule groups and policies.

a Select Menu | Automation | Server Tasks.

b Click New Task.

The Server Task Builder wizard opens.

c Type the task name and click Next.

d Select Solidcore: Rule Group Sanity Check from the Actions drop‑down list.

e Click Next.

f Specify the schedule for the task.

g Click Next.

The Summary page appears.

h Review the task summary and click Save.

i Review the logs generated by the server task (on the Server Task Log page) to view the warnings,if any.

2 Upgrading the softwareUpgrade the Solidcore extension


Upgrade the Solidcore clientYou can upgrade the Solidcore client on Windows, Linux, and AIX platforms. For all supportedplatforms, the Solidcore client works well on both physical and virtual machines (VM).

For information on the supported operating systems, see KB76459.

If you cannot upgrade the Solidcore clients on your critical endpoints, the endpoints work well with theupgraded Solidcore extension. However, the new features available in the 6.1.0 version are not availableon the endpoints until you upgrade the Solidcore client version.

Tasks• Add the Solidcore client package to the repository on page 19

Use this task to add the Solidcore client package to the McAfee ePO repository.

• Change the mode of the Solidcore clients on page 20Upgrade is supported in the Update, Disabled, or Observe (Windows only ‑ on all exceptWindows NT and Windows 2000) mode. It is recommended that you perform the upgradein Update mode.

• Upgrade the Solidcore client on the endpoints on page 23Use this task to upgrade the Solidcore client on the endpoints.

• Verify the Solidcore client upgrade on page 24Use this task to verify that the Solidcore client was upgraded successfully on an endpoint.

• Place the endpoints in Enabled mode on page 25After you upgrade the Solidcore client, you must place the endpoints in Enabled mode.

Add the Solidcore client package to the repositoryUse this task to add the Solidcore client package to the McAfee ePO repository.

Task1 Select Menu | Software | Master Repository.

The Packages in the Master Repository page appears.

2 Select Actions | Check In Package.

3 Set the package type to Product or Update (.ZIP).

4 Browse and select the package zip file.

5 Click Next.

The Package Options page appears.

6 Confirm the information.

• Package Info: Verify the package details.

• Branch: Select the desired branch. Set to Current for new products.

• Options: Optionally, select the Move the existing package to the Previous branch option to move an existingpackage to the previous branch.

• Package signing: Indicates if the package is signed by McAfee or is a third‑party package.

7 Click Save to check in the package.

The new package appears in Packages in Master Repository list.

Upgrading the softwareUpgrade the Solidcore client 2



Change the mode of the Solidcore clientsUpgrade is supported in the Update, Disabled, or Observe (Windows only ‑ on all except Windows NTand Windows 2000) mode. It is recommended that you perform the upgrade in Update mode.

Tasks• Place the endpoints in Update mode on page 20

Use this task to place the endpoints in Update mode.

• Place the endpoints in Disabled mode on page 21Use the Disabled mode only if your endpoint is currently in Disabled mode.

• Place the endpoints in Observe mode on page 22Use this task to place the endpoints in Observe mode.

Place the endpoints in Update modeUse this task to place the endpoints in Update mode.We recommend that you upgrade using the Update mode.


2 Complete these steps for the McAfee ePO 4.6 console:a Perform one of these actions:





c Select the Solidcore 6.1.0 product, SC: Begin Update Mode task type, and click Create New Task.



3 Complete these steps for the McAfee ePO 4.5 console:a Perform one of these actions:






d Select SC: Begin Update Mode (Solidcore 6.1.0) and click Next.


4 Enter the Workflow ID and comments.

The workflow ID can be a meaningful description for the update window.


2 Upgrading the softwareUpgrade the Solidcore client


6 Click Next.


7 Specify scheduling details and click Next.

8 Review and verify the task details and click Save.


Place the endpoints in Disabled modeUse the Disabled mode only if your endpoint is currently in Disabled mode.

Use this task to place the endpoints in Disabled mode.








c Select the Solidcore 6.1.0 product, SC: Disable task type, and click Create New Task.










d Select SC: Disable (Solidcore 6.1.0) and click Next.


4 Complete the following steps.



License Solidcore clientversion

Steps

ApplicationControl

• 5.1.2 or earlier (UNIXand Windows)

• 6.0.0 and later(Windows)

Select Force Reboot with the task to restart the endpoints.

• 6.1.0 and later (UNIX) Deselect the Force Reboot with the task option if you aretemporarily disabling the client protection formaintenance or troubleshooting. The software isdisabled as soon as the task is applied.If you are disabling the software prior to uninstallation,select the Force Reboot with the task option.

ChangeControl

• 6.0.1 or earlier (UNIX)

• 6.0.0 and later(Windows)

Select Force Reboot with the task to restart the endpoints.

• 6.1.0 and later (UNIX) Deselect the Force Reboot with the task option if you aretemporarily disabling the client protection formaintenance or troubleshooting. The software isdisabled as soon as the task is applied.If you are disabling the software prior to uninstallation,select the Force Reboot with the task option.


6 Click Next.





Place the endpoints in Observe modeUse this task to place the endpoints in Observe mode.Observe mode is available on all supported Windows platforms except Windows NT and Windows2000. Note that Observe mode is not available on the UNIX platforms.







The Client Task Assignment Builder page displays.



c Select the Solidcore 6.1.0 product, SC: Observe Mode task type, and click Create New Task.

The Client Task Catalog page displays.







The Client Task Builder page displays.


d Select SC: Observe Mode (Solidcore 6.1.0) and click Next.

The Configuration page displays.

4 Enter the Workflow ID and any comments.

The workflow ID provides a meaningful description for switching to Observe mode.


6 Click Next.

The Schedule page displays.




Upgrade the Solidcore client on the endpointsUse this task to upgrade the Solidcore client on the endpoints.








c Select the McAfee Agent product, Product Deployment task type, and click Create New Task.













e Specify the endpoints to consider and click Next.



For example, when installing the Solidcore client package on the Windows operating system, selectWindows as the target platform.



b Select the Install action.


d Set branch to Current for new packages.


7 Click Next.





On all UNIX platforms, if you are using McAfee Agent 4.5 (earlier than patch 1), restart the McAfeeAgent service after you install, uninstall, or upgrade the Solidcore agent.

Verify the Solidcore client upgradeUse this task to verify that the Solidcore client was upgraded successfully on an endpoint.


2 Select a group or endpoint from the list.

The Systems tab provides details for the selected node.



3 Review logs from the McAfee ePO console.

a Select a system on the Systems page.

b Select Actions | Agent | Show Agent Log to view the agent log for the endpoint.

By default, agent logs are not enabled on the McAfee ePO console. For information on how toenable agent logs, see the ePolicy Orchestrator Product Guide.

c Check the log to verify if the software was successfully upgraded at the endpoint.

4 Review the properties for the system.


Typically, information is exchanged between the agent and server after theagent‑to‑server‑communication interval (ASCI) lapses. The default ASCI value is 60 minutes.Send an agent wake‑up call to ensure immediate communication and data exchange betweenthe server and the agent, without waiting for the ASCI to expire.




• On the McAfee ePO 4.6 console, select the Products tab and review the Solidcore version. Clickthe row to review additional information, including the product version and installation path.

• On the McAfee ePO 4.5 console, scroll and review the Solidcore section. Confirm the productversion and installation path.

Place the endpoints in Enabled modeAfter you upgrade the Solidcore client, you must place the endpoints in Enabled mode.

Tasks

• Exit the Update mode on page 25If you upgraded in Update mode, exit the Update mode.

• Enable the Solidcore client on page 26If you upgraded in Disabled mode, enable the Solidcore client.

• Exit the Observe mode on page 26If you upgraded in Observe mode, exit the Observe mode.

Exit the Update modeIf you upgraded in Update mode, exit the Update mode.

Use this task to place the endpoints back in Enabled mode after you complete the required changes inthe Update mode.

Task

1 Select Menu | Systems | System Tree.









c Select the Solidcore 6.1.0 product, SC: End Update Mode task type, and click Create New Task.


d Specify the task name and add any information.








d Select SC: End Update Mode (Solidcore 6.1.0) and click Next.

The Configuration page states that no other configuration settings are required for the task.


5 Click Next.





9 Restart the endpoints.

Enable the Solidcore clientIf you upgraded in Disabled mode, enable the Solidcore client.

Use this task to place the Solidcore client in Enabled mode.

Task1 Place the endpoints in Enabled mode.

For detailed information, see the Enable the Solidcore client section.


Exit the Observe modeIf you upgraded in Observe mode, exit the Observe mode.

Use this task to place the endpoints in Enabled mode after you complete the required changes in theObserve mode.









The Client Task Assignment Builder page displays.

c Select the Solidcore 6.1.0 product, SC: Observe Mode task type, and click Create New Task.

The Client Task Catalog page displays.







The Client Task Builder page displays.


d Select SC: Observe Mode (Solidcore 6.1.0) and click Next.

The Configuration page displays.

4 Select End Observe Mode.

5 Select Enable Solidcore client to place the endpoint in Enabled mode.

6 Select Update changes made in Observe Mode to whitelist to update the inventory with the recent changes.


8 Click Next.

The Schedule page displays.









3 Uninstalling the software

This section describes how to uninstall Change Control or Application Control.

Contents Remove the Solidcore client Remove the Solidcore extension Remove the Solidcore client package

Remove the Solidcore clientUse this task to remove the Solidcore client.

Task1 Place the endpoints in Disabled mode.

For detailed information, see the Place the endpoints in Disabled mode section.


3 Select Menu | Systems | System Tree.







c Select the McAfee Agent product, Product Deployment task type, and click Create New Task.







3






e Specify the endpoints to consider and click Next.





b Select the Remove action.


d Set branch to Current for new packages.


9 Click Next.





13 Verify the Solidcore client removal.


Typically, information is exchanged between the agent and server after theagent‑to‑server‑communication interval (ASCI) lapses. Default ASCI value is 60 minutes. Sendan agent wake‑up call to ensure immediate communication and data exchange between theserver and the agent, without waiting for the ASCI to expire.




• On the McAfee ePO 4.6 console, click the Products tab and ensure Solidcore is not listed.

• On the McAfee ePO 4.5 console, scroll and ensure that the Solidcore section is not present.

Remove the Solidcore extensionUse this task to remove the Solidcore extension.

Task1 Select Menu | Software | Extensions.


2 Select Solidcore from the Extensions list.

3 Uninstalling the softwareRemove the Solidcore extension


3 Click Remove.

When you remove the Solidcore extension, the all product‑specific tables (SCOR tables) areremoved from the database. However, all default and user‑defined dashboards and reports areretained in the database. To remove all Solidcore dashboards and queries perform the followingsteps:

a Remove the Solidcore dashboards.

1 Select Menu | Reporting | Dashboards.

The Dashboards page displays.

2 Perform one of these actions:

• From the McAfee ePO 4.6 console, review the items in the Dashboard list.

• From the McAfee ePO 4.5 console, select Options | Manage Dashboards to view the availabledashboards.

3 Delete following dashboards.

• Solidcore: Application Control

• Solidcore: Change Control

• Solidcore: Integrity Monitor

• Solidcore: Inventory

b Remove the Solidcore queries.

Note that when you remove queries, the Application Control and Change Control folders aredeleted including all the queries contained in the folders. If you wish to save a query, save thespecific query in a different folder.

1 Select Menu | Reporting.

2 Perform one of these actions:

• From the McAfee ePO 4.6 console, select Queries & Reports.

• From the McAfee ePO 4.5 console, select Queries.

3 Expand the Shared Groups category and delete the following folders.

• Application Control

• Change Control

Remove the Solidcore client packageUse this task to remove the Solidcore client package.

Task1 Select Menu | Software | Master Repository.

The Packages in Master Repository page appears.

2 Select Delete for a package.

Uninstalling the softwareRemove the Solidcore client package 3


3 Uninstalling the softwareRemove the Solidcore client package


4 FAQs

This section helps you clarify the frequently asked questions about this product.

Can the same Solidcore client be used for Change Control and Application Control?

The license key determines the features available for use; any or all features can be used at a time. Atany time, you can add and enable a new stock‑keeping unit (SKU) on an endpoint on which theSolidcore client is enabled. For example, if you are currently using Change Control and wish to addand use Application Control, complete these steps.

1 Disable the Solidcore client on the endpoint.

For more information, see the Place the endpoints in Disabled mode section.

2 Enter the license.

For more information, see the Specify licenses section.

3 Enable the Solidcore client on the endpoint.

For more information, see the Enable the Solidcore client section.

Can the Solidcore client be deployed on a Virtual Machine?

The Solidcore client works on a Virtual Machine if the operating system installed on the VirtualMachine is supported by the Solidcore client. For a list of the supported platforms, see KB76459.

4



4 FAQs


Index

Aabout this guide 5

Cconventions and icons used in this guide 5

Ddocumentation

audience for this guide 5product-specific, finding 6typographical conventions and icons 5

MMcAfee ServicePortal, accessing 6

SServicePortal, finding product documentation 6

TTechnical Support, finding product information 6

Wwhat's in this guide 6


00

Documents

Application Control 6.1.0 McAfee Change Control and … Click Install Extension. 4 Browse and select the Solidcore_.zip file. 5 Click OK. 6 Verify the information on