McAfee Application Control 6.2€¦ · 2 McAfee Application Control 6.2.0 Command Line Interface Guide. ... (Windows XP and Windows ... Application Control Command Line Interface

Command Line Interface Guide

McAfee Application Control 6.2.0

COPYRIGHT

Copyright © 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee Application Control 6.2.0 Command Line Interface Guide

http://www.intelsecurity.com

Contents

1 Application Control Command Line Interface reference 5

2 Argument details 19

McAfee Application Control 6.2.0 Command Line Interface Guide 3

Contents


1 Application Control Command LineInterface reference

This section details all commands that are available for Application Control when using the commandline interface (CLI).

In the OS column, these abbreviations indicate the supported operating systems.

• L — Linux

• W — Windows

In the Mode column, these abbreviations indicate the supported mode for the command.

• D — Disabled mode

• E — Enabled mode

• U — Update mode

Table 1-1 Command details

Command Description Syntax OS Mode

attr Modifies or lists theApplication Controlconfiguration attributes list.

sadmin attr add -a filename1 ...filenameN

L E, D, U

sadmin attr add -p filename1 ...filenameNsadmin attr add -u filename1 ...filenameNsadmin attr add -o parent=filename2 -p filename1sadmin attr remove -afilename1 ... filenameNsadmin attr remove -pfilename1 ... filenameNsadmin attr remove -ufilename1 ... filenameNsadmin attr list -a filename1 ...filenameN

sadmin attr list -p filename1 ...filenameN

sadmin attr list -u filename1 ...filenameN

sadmin attr flush -a

1


Table 1-1 Command details (continued)


sadmin attr flush -p

sadmin attr flush -u


W (32-bit) E, D, U

sadmin attr add -b filename1 ...filenameNsadmin attr add -c filename1 ...filenameNsadmin attr add -d filename1 ...filenameN (Windows XP and WindowsServer 2003 only)

sadmin attr add -e filename1 ...filenameN (Windows XP and WindowsServer 2003 only)

sadmin attr add -f filename1 ...filenameNsadmin attr add -h filename1 ...filenameNsadmin attr add -o parent=filename2 -i filename1sadmin attr add -j filename1 ...filenameNsadmin attr add -l filename1 ...filenameNsadmin attr add -p filename1 ...filenameNsadmin attr add -r filename1 ...filenameN (Windows XP and WindowsServer 2003 only)

sadmin attr add -u filename1 ...filenameNsadmin attr add -v filename1 ...filenameN (Windows Vista and later)

sadmin attr add -o parent=filename2 -p filename1sadmin attr add -o module=modulename -v filename1 (WindowsVista and later)

sadmin attr remove -afilename1 ... filenameN

sadmin attr remove -bfilename1 ... filenameN

sadmin attr remove -cfilename1 ... filenameN

1 Application Control Command Line Interface reference




sadmin attr remove -dfilename1 ... filenameN (WindowsXP and Windows Server 2003 only)

sadmin attr remove -efilename1 ... filenameN (WindowsXP and Windows Server 2003 only)

sadmin attr remove -ffilename1 ... filenameN

sadmin attr remove -hfilename1 ... filenameNsadmin attr remove -ifilename1 ... filenameN

sadmin attr remove -jfilename1 ... filenameNsadmin attr remove -lfilename1 ... filenameN

sadmin attr remove -pfilename1 ... filenameN

sadmin attr remove -rfilename1 ... filenameN (WindowsXP and Windows Server 2003 only)

sadmin attr remove -ufilename1 ... filenameN

sadmin attr remove -vfilename1 ... filenameN (WindowsVista and later)

sadmin attr list -a filename1 ...filenameN

sadmin attr list -b filename1 ...filenameN

sadmin attr list -c filename1 ...filenameN

sadmin attr list -d filename1 ...filenameN (Windows XP and WindowsServer 2003 only)

sadmin attr list -e filename1 ...filenameN (Windows XP and WindowsServer 2003 only)

sadmin attr list -f filename1 ...filenameN

sadmin attr list -h filename1 ...filenameNsadmin attr list -i filename1 ...filenameN

Application Control Command Line Interface reference 1




sadmin attr list -j filename1 ...filenameNsadmin attr list -l filename1 ...filenameN


sadmin attr list -r filename1 ...filenameN (Windows XP and WindowsServer 2003 only)


sadmin attr list -v filename1 ...filenameN (Windows Vista and later)


sadmin attr flush -b

sadmin attr flush -c

sadmin attr flush -d (Windows XPand Windows Server 2003 only)

sadmin attr flush -e (Windows XPand Windows Server 2003 only)

sadmin attr flush -f

sadmin attr flush -hsadmin attr flush -i

sadmin attr flush -jsadmin attr flush -l


sadmin attr flush -r (Windows XPand Windows Server 2003 only)


sadmin attr flush -v (WindowsVista and later)


W (64-bit) E, D, U

sadmin attr add -e filename1 ...filenameN (Windows XP and WindowsServer 2003 only)

sadmin attr add -h filename1 ...filenameN





sadmin attr add -o parent=filename2 -i filename1

sadmin attr add -j filename1 ...filenameNsadmin attr add -n filename1 ...filenameN

sadmin attr add -n -y filename1(Not available on Windows Server2012)

sadmin attr add -p filename1 ...filenameN

sadmin attr add -r filename1 ...filenameN (Windows XP and WindowsServer 2003 only)

sadmin attr add -u filename1 ...filenameN

sadmin attr add -v filename1 ...filenameN (Windows Vista and later)

sadmin attr add -o parent=filename2 -p filename1

sadmin attr add -o module=modulename -v filename1 (WindowsVista and later)

sadmin attr remove -afilename1 ... filenameN

sadmin attr remove -efilename1 ... filenameN (WindowsXP and Windows Server 2003 only)

sadmin attr remove -hfilename1 ... filenameNsadmin attr remove -ifilename1 ... filenameN

sadmin attr remove -jfilename1 ... filenameNsadmin attr remove -nfilename1 ... filenameN

sadmin attr remove -pfilename1 ... filenameN

sadmin attr remove -rfilename1 ... filenameN (WindowsXP and Windows Server 2003 only)

sadmin attr remove -ufilename1 ... filenameN





sadmin attr remove -vfilename1 ... filenameN (WindowsVista and later)

sadmin attr list -a filename1 ...filenameN

sadmin attr list -e filename1 ...filenameN (Windows XP and WindowsServer 2003 only)

sadmin attr list -h filename1 ...filenameNsadmin attr list -i filename1 ...filenameN

sadmin attr list -j filename1 ...filenameNsadmin attr list -n filename1 ...filenameN


sadmin attr list -r filename1 ...filenameN (Windows XP and WindowsServer 2003 only)


sadmin attr list -v filename1 ...filenameN (Windows Vista and later)


sadmin attr flush -e (Windows XPand Windows Server 2003 only)

sadmin attr flush -hsadmin attr flush -i

sadmin attr flush -jsadmin attr flush -n


sadmin attr flush -r (Windows XPand Windows Server 2003 only)


sadmin attr flush -v (On WindowsVista and later)

For more information about this command, see Configure memory-protection techniquesand Maintain your systems in McAfee Application Control 6.2.0 Product Guide forstandalone mode.





auth Authorizes an application(executable, installer, orbatch file) as a whitelist, orunauthorizes an applicationby adding to the blacklist.The application might belocally installed, invoked, orinstalled or invoked from ashared drive.

sadmin auth -a -c checksum W E, D, U

sadmin auth -a [ -t rule id ] -cchecksum

sadmin auth -a [ -t rule id ][ -u ] -c checksum

sadmin auth -b -c checksum

sadmin auth -b [ -t rule id] -cchecksum

sadmin auth -r checksum

sadmin auth -l

sadmin auth -f

For more information about this command, see Override Application Control protection inMcAfee Application Control 6.2.0 Product Guide for standalone mode.

begin-update (bu)

Initiates the Update modeto help perform softwareupdates and installations.

sadmin begin-update [ workflow-id[ comment ]]sadmin bu [ workflow-id[ comment ]]

L, W E, D

For more information about this command, see Maintain your systems in McAfeeApplication Control 6.2.0 Product Guide for standalone mode.

cert Manages certificates fordigitally signed files. Youcan add, remove, or list thecertificates in theApplication Controlcertificate store, which is adirectory within the installdirectory <instlall_dir>/Certificates.

sadmin cert add certificate_name W E, D, U

sadmin cert add -ucertificate_name

sadmin cert add -ccertificate_content

sadmin cert remove SHA1

sadmin cert remove -ccertificate_content

sadmin cert list

sadmin cert list -d

sadmin cert list -u

sadmin cert list [ -d | -u ]

sadmin cert flush


check Validates and fixes theattributes of the specifiedfile or files against the fileinventory.

sadmin check [ -r ] L, W E, D, U

sadmin check [ -r ] filename1 ...filenameN





sadmin check [ -r ]directoryname1 ... directorynameN

sadmin check [ -r ]volumename1 ... volumenameN


config Allows you to:• Export current

configuration settings to afile.

• Import configurationsettings from a file to anexisting installation.

sadmin config export filename L, W E, D, U

sadmin config import [ -a ]filename

sadmin config set name=value

sadmin config show

For more information about this command, see Configure advanced features in McAfeeApplication Control 6.2.0 Product Guide for standalone mode.

diag Runs diagnostics and offerssuggestions on programsand applications toauthorize (to performupdates).

sadmin diag W E, U

sadmin diag fix [ -f ]


disable Activates the Disabledmode. Restart the systemto make sure that thecommand is applied. On theLinux platform, ifApplication Control is in theEnabled mode, systemrestart is not required toapply this command.However, to uninstall theproduct, system restart isrequired.

sadmin disable L, W E, U


enable Activates the Enabled mode.Restart the system to makesure that the command isapplied. Alternatively,restart the ApplicationControl service to apply thiscommand. However, thememory-protection featurewill be available only aftersystem restart.

sadmin enable L, W D

For more information about this command, see How do I deploy Application Control inMcAfee Application Control 6.2.0 Product Guide for standalone mode.





end-update (eu)

Ends the Update mode andactivates the Enabled mode.

sadmin end-updatesadmin eu

L, W U


event Configures the log targets(sinks) for generatedevents.

sadmin event sink L, W E, D, U

sadmin event sink eventname

sadmin event sink -a { eventname| ALL } { sinkname | ALL }

sadmin event sink -r { eventname| ALL } { sinkname | ALL }


features Enables, disables, or liststhe features on an existinginstallation.

sadmin features [-d] L, W E, D, U

sadmin features enablefeaturename

sadmin features disablefeaturename

sadmin features list


help Provides information aboutbasic commands.

sadmin help L, W E, D, U

sadmin help [ command ]

For more information about this command, see Getting started in McAfee ApplicationControl 6.2.0 Product Guide for standalone mode.

help-advanced

Provides information aboutadvance commands.

sadmin help-advanced L, W E, D, U

sadmin help-advanced [ command ]

For more information about this command, see Getting started in McAfee ApplicationControl 6.2.0 Product Guide for standalone mode.

license Adds or displays licensinginformation.

sadmin license add licensekey L, W D

sadmin license list


list-solidified(ls)

Lists the whitelisted files,directories, and volumes.

sadmin list-solidified [ -l ]sadmin ls [ -l ]

L, W E, D, U

sadmin list-solidified [ -l ]filename1 ... filenameNsadmin ls [ -l ] filename1 ...filenameN





sadmin list-solidified [ -l ]directoryname1 ... directorynameNsadmin ls [ -l ]directoryname1 ... directorynameN

sadmin list-solidified [ -l ]volumename1 ... volumenameNsadmin ls [ -l ] volumename1 ...volumenameN


list-unsolidified(lu)

Lists the files, directories,and volumes that are notwhitelisted.

sadmin list-unsolidifiedsadmin lu

L, W E, D, U

sadmin list-unsolidifiedfilename1 ... filenameNsadmin lu filename1 ... filenameN

sadmin list-unsolidifieddirectoryname1 ... directorynameNsadmin lu directoryname1 ...directorynameN

sadmin list-unsolidifiedvolumename1 ... volumenameNsadmin lu volumename1 ...volumenameN


lockdown Disables the local commandline interface. Afterlockdown, you can onlyissue the help,help‑advanced, status,version, and recovercommands.

sadmin lockdown L, W E, D, U

passwd Sets a password for thecommand line interface.

If the password is set, youmust verify the passwordbefore executing criticalcommands.

Using sadmin passwd -dcommand removes thepassword.

sadmin passwd L, W E, D, U

sadmin passwd -d






read-protect (rp)

Displays or modifies theread-protection rules. Youmust specify complete fileor directory names with thiscommand.For more information aboutrp command, see Protectthe file system componentschapter in the McAfeeApplication Control ProductGuide for standalone 6.2.0.

sadmin read-protect -ipathname1 ... pathnameN

L, W E, D, U

sadmin read-protect -epathname1 ... pathnameN

sadmin read-protect -rpathname1 ... pathnameN

sadmin read-protect -l

sadmin read-protect -f

For more information about this command, see Protect the file system components inMcAfee Application Control 6.2.0 Product Guide for standalone mode.

recover Recovers the localcommand line interface.

sadmin recover L, W E, D, U

sadmin recover -f

solidify(so)

Adds specified files in adirectory or system volumeto the whitelist.

sadmin solidify [ -q | -v ] L, W E, D, U

sadmin solidify [ -q | -v ]filename1 ... filenameN

sadmin solidify [ -q | -v ]directoryname1 ... directorynameN

sadmin solidify [ -q | -v ]volumename1 ... volumenameN


status Displays the status ofApplication Control. You canview the operational mode,operational mode on systemrestart, connectivity withMcAfee® ePolicyOrchestrator® (McAfeeePO™) , access status, andwhitelist status of the localCLI.

sadmin status L, W E, D, U

sadmin status volumename


trusted Identifies a local or remoteshare as a trusted volumeor directory. You caninclude, exclude, remove,list, or flush the trustedvolumes or directories.

sadmin trusted -i pathname1 ...pathnameN

L E, D, U

sadmin trusted -e pathname1 ...pathnameN

sadmin trusted -r pathname1 ...pathnameN

sadmin trusted -l

sadmin trusted -f





sadmin trusted -ivolumesetname1 ... volumesetnameN

W E, D, U

sadmin trusted -i pathname1 ...pathnameN

sadmin trusted -evolumesetname1 ... volumesetnameN

sadmin trusted -e pathname1 ...pathnameN

sadmin trusted -rvolumesetname1 ... volumesetnameN

sadmin trusted -r pathname1 ...pathnameN

sadmin trusted -l

sadmin trusted -f

sadmin trusted -u <network path>


unsolidify (unso)

Removes specifiedwhitelisted files from thewhitelist.

sadmin unsolidify [ -v ] L, W E, D, U

sadmin unsolidify [ -v ]filename1 ... filenameN

sadmin unsolidify [ -v ]directoryname1 ... directorynameN

sadmin unsolidify [ -v ]volumename1 ... volumenameN


updaters Adds, deletes, lists, orflushes programs from thelist of authorized updaters.

sadmin updaters add [ -d ]{ binaryname }

L E, D, U

sadmin updaters add [ -n ]{ binaryname }

sadmin updaters add [ -pparent-programname ]{ binaryname }

sadmin updaters add [ -trule-id ] { binaryname }

sadmin updaters add [ -d ] [ -n ][ -t rule-id ] [ -pparent-programname ]{ binaryname }

sadmin updaters remove{ binaryname }





sadmin updaters remove [ -pparent-programname ]{ binaryname }

sadmin updaters list

sadmin updaters flush

sadmin updaters add [ -d ]{ binaryname }

W E, D, U

sadmin updaters add [ -llibraryname ] { binaryname }

sadmin updaters add [ -n ]{ binaryname }

sadmin updaters add [ -pparent-binaryname ]{ binaryname }

sadmin updaters add [ -trule-id ] { binaryname }

sadmin updaters add [ -d ] [ -n ][ -t rule-id ] [ -l libraryname ]{ binaryname }

sadmin updaters add [ -d ] [ -n ][ -t rule-id ] [ -pparent-binaryname ]{ binaryname }

sadmin updaters add [ -trule-id ] -u username

sadmin updaters remove{ binaryname }

sadmin updaters remove [ -llibraryname ] { binaryname }

sadmin updaters remove [ -pparent-binaryname ]{ binaryname }

sadmin updaters remove -uusername

sadmin updaters list

sadmin updaters flush


version Displays the version of theinstalled Application Control

sadmin version L, W E, D, U






write-protect (wp)

Write-protects specified filesincluding the whitelistedfiles. You must specifycomplete file or directorynames with this command.

sadmin write-protect -ipathname1 ... pathnameN

L, W E, D, U

sadmin write-protect -epathname1 ... pathnameN

sadmin write-protect -rpathname1 ... pathnameN

sadmin write-protect -l

sadmin write-protect -f


write-protect-reg(wpr)

Write-protects specifiedregistry keys including thewhitelisted registry keys.

sadmin write-protect-reg -iregistrykeyname1 ...registrykeynameN

W E, D, U

sadmin write-protect-reg -eregistrykeyname1 ...registrykeynameN

sadmin write-protect-reg -rregistrykeyname1 ...registrykeynameN

sadmin write-protect-reg -l

sadminwrite-protect-reg -f




2 Argument details

This table lists the commands with the supported arguments and their description. In the Argumentcolumn, the supported arguments for the commands are listed in alphabetical order.

You can use -z argument to prevent the system from prompting for the password. This argument canbe used in all CLI commands to provide the CLI password (so that the system does not prompt forpassword). For example, if the CLI password is set and you issue the sadmin wp -i abc.txtcommand, the system immediately prompts you for the password. Using the -z argument, you canissue the sadmin wp -z <password> -i abc.txt command to provide the password with the issuedcommand.

Table 2-1 Argument details

Command Argument Description

attr -a Always authorizes by file name. This is a deprecatedtechnique. For more information, contact McAfee Support.

-b Configures the bypass, restore, list, and flush rules for acomponent protected using the Mangling technique. This isa deprecated technique. For more information, contactMcAfee Support.

-c Configures the bypass, restore, list, and flush rules for acomponent protected using the Critical Address SpaceProtection technique.

-d Configures the bypass, restore, list, and flush rules for acomponent protected using the mp-vasr-randomizationtechnique.

-e Configures the add, remove, list, and flush rules for acomponent protected using the mp-vasr-rebasingtechnique.

-f Bypasses from full crawl attribute. This is a deprecatedtechnique. For more information, contact McAfee Support.

-h Adds a binary to MP Compat protection.

-i Configures the bypass, restore, list, and flush rules for abinary using the Package Control feature.

-j Bypasses a binary from MP Compat protection.

-l Configures the bypass, restore, list, and flush rules for acomponent using the Anti-Debugging technique. This is adeprecated technique. For more information, contactMcAfee Support.

-n Configures the bypass, restore, list, and flush rules for acomponent using the mp-nx technique.

-y Includes child processes for a component to be bypassedusing the mp-nx technique. This argument can only bespecified with the -n argument.

2


Table 2-1 Argument details (continued)


-o Indicates to specify the DLL module name for a specifiedprocess. This argument can be used with -p, -v, and -iarguments. On the Linux platform, use this argument tospecify the parent program for the -p attribute.

-p Bypasses from process context file operations attribute.

-r Configures the bypass, restore, list, and flush tasks for acomponent using the mp-vasr-relocation technique.

-u Always unauthorizes by file name. This is a deprecatedtechnique. For more information, contact McAfee Support.

-v Bypasses from Forced DLL relocation attribute.

auth -a Authorizes a binary using the checksum value.

-b Bans a binary using the checksum value.

-c Specifies the checksum value.

-f Flushes all authorized or banned binaries.

-l Lists all authorized and banned binaries.

-r Removes the authorized or banned binaries.

-t Includes the associated tag name for a binary to bebanned.

-u Authorizes a binary and also provides updater privilegeswhen used with the -a and -c arguments.

begin-update (bu) workflow-id Indicates to specify an ID while switching to the Updatemode. This ID can be used for tracking purposes in achange management for ticketing system.

comment Indicates to use a descriptive text for the workflow ID.

cert -c Specifies the certificate content as trusted.

-d Lists all details of the issuer and subject of the certificatesadded to the system.

-u Provides updater privileges to a certificate that is added asa trusted certificate or list the trusted certificates withupdater privileges.

check -r Fixes any inconsistencies that are encountered.

config -a Appends the configuration values.

diag -f Applies the diagnosed configuration changes for therestricted programs, such as winlogon.exe and svchost.exe.

disable NA NA

enable NA NA

end-update (eu) NA NA

event -a Adds sinks to the specified event.

-r Removes sinks from the specified event.

features -d Lists all features (including the hidden features).For more information, contact McAfee Support.

help NA NA

2 Argument details




help-advanced NA NA

license NA NA

list-solidified (ls) -l Lists details of the whitelisted files.

list-unsolidified (lu) NA NA

lockdown NA NA

passwd -d Removes the password for using Application Control.

read-protect (rp) -e Excludes specific components from a read-protecteddirectory, or volume.

-f Flushes all components from read protection.

-i Includes files, directories, or volumes for read protection.

-l Lists the read-protected components.

-r Removes read‑protection applied to files, directories, orvolumes.

recover -f Forcefully aborts the McAfee ePO command and recoverthe local CLI.

solidify (so) -q Suppresses all output except for errors.

-v Displays all the processed components.

status NA NA

trusted -e Excludes one or more specified paths to the directories orvolumes from a list of trusted directories or volumes.

-f Removes all directories and volumes from the trusted rule.

-i Adds one or more specified paths to the directories orvolumes as trusted directories or volumes.

-l Lists all trusted directories and volumes.

-r Removes the specified directories or volumes from thetrusted rule.

-u Provides updater privileges to all binaries and scripts in thetrusted directories or volumes.

unsolidify (unso) -v Displays all the processed components.

updaters -d Excludes the child processes of a binary file to be added asan updater from inheriting the updater privileges.

-l Includes the library name for an execution file to be addedas an updater (for Windows).

-n Disables event logging for a file to be added as an updater.

-p Adds a file as an updater only when it is started byspecified parent process.

-t Performs these operations:• Includes the tags for a file to be added as an updater.

• Adds a user with a tag name as an updater.

-u Adds a user as an updater (for Windows).

version NA NA

Argument details 2




write-protect (wp) -e Excludes specific components from a write-protecteddirectory or volume.

-f Flushes all components from write protection.

-i Write-protects files, directories, or volumes.

-l Lists the write-protected components.

-r Removes write protection applied to files, directories, orvolumes.

write-protect-reg(wpr)

-e Excludes one or more registry keys from write protection.

-f Flushes all registry keys from write protection. Flushingthe registry keys from write protection removes allwrite‑protection rules applied to the registry keys.

-i Write‑protects registry keys.

-l Lists all write-protected registry keys.

-r Removes write protection from one or more registry keys.

2 Argument details


00

Documents

McAfee Application Control 6.2€¦ · 2 McAfee Application Control 6.2.0 Command Line Interface Guide. ... (Windows XP and Windows ... Application Control Command Line Interface