McAfee Application Control 8.1.0 - Windows Command Line Interface Guide (Unmanaged)


COPYRIGHT

Copyright © 2018 McAfee, LLC

TRADEMARK ATTRIBUTIONS

McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

1 Command overview

2 Argument details

1 Command overview

Here are all commands available for Application Control when using the command line interface (CLI).

In the OS column, these abbreviations indicate the supported operating systems.

• L — Linux

• W — Windows

In the Mode column, these abbreviations indicate the supported mode for the command.

• E — Enabled mode

• D — Disabled mode

• U — Update mode

Table 1-1 Command details

Command Description Syntax OS Mode

Command: attr
Description: Changes or lists the Application Control configuration attributes list.

OS: L
Mode: E, D, U
Syntax:
    sadmin attr add -a filename1 ... filenameN
    sadmin attr add -p filename1 ... filenameN
    sadmin attr add -u filename1 ... filenameN
    sadmin attr add -o parent=filename2 -p filename1
    sadmin attr remove -a filename1 ... filenameN
    sadmin attr remove -p filename1 ... filenameN
    sadmin attr remove -u filename1 ... filenameN
    sadmin attr list -a filename1 ... filenameN
    sadmin attr list -p filename1 ... filenameN
    sadmin attr list -u filename1 ... filenameN
    sadmin attr flush -a
    sadmin attr flush -p
    sadmin attr flush -u

OS: W (32-bit)
Mode: E, D, U
Syntax:
    sadmin attr add -a filename1 ... filenameN
    sadmin attr add -c filename1 ... filenameN
    sadmin attr add -h filename1 ... filenameN
    sadmin attr add -o parent=filename2 -i filename1
    sadmin attr add -j filename1 ... filenameN
    sadmin attr add -l filename1 ... filenameN
    sadmin attr add -m filename1 ... filenameN
    sadmin attr add -p filename1 ... filenameN
    sadmin attr add -u filename1 ... filenameN
    sadmin attr add -v filename1 ... filenameN (Windows 7 and later)
    sadmin attr add -o parent=filename2 -p filename1
    sadmin attr add -o module=modulename -v filename1 (Windows 7 and later)
    sadmin attr remove -a filename1 ... filenameN
    sadmin attr remove -c filename1 ... filenameN
    sadmin attr remove -h filename1 ... filenameN
    sadmin attr remove -i filename1 ... filenameN
    sadmin attr remove -j filename1 ... filenameN
    sadmin attr remove -l filename1 ... filenameN
    sadmin attr remove -m filename1 ... filenameN
    sadmin attr remove -p filename1 ... filenameN
    sadmin attr remove -u filename1 ... filenameN
    sadmin attr remove -v filename1 ... filenameN (Windows 7 and later)
    sadmin attr list -a filename1 ... filenameN
    sadmin attr list -c filename1 ... filenameN
    sadmin attr list -h filename1 ... filenameN
    sadmin attr list -i filename1 ... filenameN
    sadmin attr list -j filename1 ... filenameN
    sadmin attr list -l filename1 ... filenameN
    sadmin attr list -m filename1 ... filenameN
    sadmin attr list -p filename1 ... filenameN
    sadmin attr list -u filename1 ... filenameN
    sadmin attr list -v filename1 ... filenameN (Windows 7 and later)
    sadmin attr flush -a
    sadmin attr flush -c
    sadmin attr flush -h
    sadmin attr flush -i
    sadmin attr flush -j
    sadmin attr flush -l
    sadmin attr flush -m
    sadmin attr flush -p
    sadmin attr flush -u
    sadmin attr flush -v (Windows 7 and later)

OS: W (64-bit)
Mode: E, D, U
Syntax:
    sadmin attr add -a filename1 ... filenameN
    sadmin attr add -c filename1 ... filenameN
    sadmin attr add -h filename1 ... filenameN
    sadmin attr add -o parent=filename2 -i filename1
    sadmin attr add -j filename1 ... filenameN
    sadmin attr add -m filename1 ... filenameN
    sadmin attr add -n filename1 ... filenameN
    sadmin attr add -n -y filename1 (Not available on Windows Server 2012)
    sadmin attr add -p filename1 ... filenameN
    sadmin attr add -u filename1 ... filenameN
    sadmin attr add -v filename1 ... filenameN (Windows 7 and later)
    sadmin attr add -o parent=filename2 -p filename1
    sadmin attr add -o module=modulename -v filename1 (Windows 7 and later)
    sadmin attr remove -a filename1 ... filenameN
    sadmin attr remove -c filename1 ... filenameN
    sadmin attr remove -h filename1 ... filenameN
    sadmin attr remove -i filename1 ... filenameN
    sadmin attr remove -j filename1 ... filenameN
    sadmin attr remove -m filename1 ... filenameN
    sadmin attr remove -n filename1 ... filenameN
    sadmin attr remove -p filename1 ... filenameN
    sadmin attr remove -u filename1 ... filenameN
    sadmin attr remove -v filename1 ... filenameN (Windows 7 and later)
    sadmin attr list -a filename1 ... filenameN
    sadmin attr list -c filename1 ... filenameN
    sadmin attr list -h filename1 ... filenameN
    sadmin attr list -i filename1 ... filenameN
    sadmin attr list -j filename1 ... filenameN
    sadmin attr list -m filename1 ... filenameN
    sadmin attr list -n filename1 ... filenameN
    sadmin attr list -p filename1 ... filenameN
    sadmin attr list -u filename1 ... filenameN
    sadmin attr list -v filename1 ... filenameN (Windows 7 and later)
    sadmin attr flush -a
    sadmin attr flush -c
    sadmin attr flush -h
    sadmin attr flush -i
    sadmin attr flush -j
    sadmin attr flush -m
    sadmin attr flush -n
    sadmin attr flush -p
    sadmin attr flush -u
    sadmin attr flush -v (On Windows 7 and later)

Command: auth
Description: Authorizes an application (executable, installer, or batch file) as a whitelist, or unauthorizes an application by adding to the blacklist. The application might be locally installed, invoked, or installed or invoked from a shared drive.

OS: W
Mode: E, D, U
Syntax:
    sadmin auth -a -c checksum
    sadmin auth -a [ -t rule id ] -c checksum
    sadmin auth -a [ -t rule id ] [ -u ] -c checksum
    sadmin auth -b -c checksum
    sadmin auth -b [ -t rule id ] -c checksum
    sadmin auth -f
    sadmin auth -l
    sadmin auth -r checksum

Command: begin-update (bu)
Description: Initiates the Update mode to help perform software updates and installations.

OS: L, W
Mode: E, D
Syntax:
    sadmin begin-update [ workflow-id [ comment ] ]
    sadmin bu [ workflow-id [ comment ] ]

Command: cert
Description: Manages certificates for digitally signed files. You can add, remove, or list the certificates in the Application Control certificate store, which is a directory in the install directory <install_dir>/Certificates.

OS: W
Mode: E, D, U
Syntax:
    sadmin cert add certificate_name
    sadmin cert add -u certificate_name
    sadmin cert add -c certificate_content
    sadmin cert remove SHA-1
    sadmin cert remove SHA-256
    sadmin cert remove -c certificate_content
    sadmin cert list
    sadmin cert list -d
    sadmin cert list -u
    sadmin cert flush


Command: check
Description: Validates and fixes the attributes of the specified file or files against the file inventory.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin check [ -r ]
    sadmin check [ -r ] filename1 ... filenameN
    sadmin check [ -r ] directoryname1 ... directorynameN
    sadmin check [ -r ] volumename1 ... volumenameN

Command: config
Description: Allows you to:
• Export current configuration settings to a file.
• Import configuration settings from a file to an existing installation.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin config export filename
    sadmin config import [ -a ] filename
    sadmin config set name=value
    sadmin config show

Command: diag
Description: Runs diagnostics and offers suggestions on programs and applications to authorize (to perform updates).

OS: W
Mode: E, U
Syntax:
    sadmin diag
    sadmin diag fix [ -f ]

Command: disable
Description: Activates the Disabled mode. Restart the system to make sure that the command is applied. On the Linux platform, if Application Control is in the Enabled mode, system restart is not required to apply this command. But, to uninstall the product, system restart is required.

OS: L, W
Mode: E, U
Syntax:
    sadmin disable

Command: enable
Description: Activates the Enabled mode. Restart the system to make sure that the command is applied. Or, restart the Application Control service to apply this command. But, the memory-protection feature will be available only after system restart.

OS: L, W
Mode: D
Syntax:
    sadmin enable

Command: end-update (eu)
Description: Ends the Update mode and activates the Enabled mode.

OS: L, W
Mode: U
Syntax:
    sadmin end-update
    sadmin eu

Command: event
Description: Configures the log targets (sinks) for generated events.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin event sink
    sadmin event sink eventname sinkname
    sadmin event sink -a { eventname | ALL } { sinkname | ALL }
    sadmin event sink -r { eventname | ALL } { sinkname | ALL }

Command: features
Description: Enables, disables, or lists the features on an existing installation.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin features enable featurename
    sadmin features disable featurename
    sadmin features list


Command: help
Description: Provides information about basic commands.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin help
    sadmin help [ command ]

Command: help-advanced
Description: Provides information about advanced commands.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin help-advanced
    sadmin help-advanced [ command ]

Command: license
Description: Adds or displays licensing information.

OS: L, W
Mode: D
Syntax:
    sadmin license add licensekey
    sadmin license list

Command: list-solidified (ls)
Description: Lists the whitelisted files, directories, and volumes.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin list-solidified [ -l ]
    sadmin ls [ -l ]
    sadmin list-solidified [ -l ] filename1 ... filenameN
    sadmin ls [ -l ] filename1 ... filenameN
    sadmin list-solidified [ -l ] directoryname1 ... directorynameN
    sadmin ls [ -l ] directoryname1 ... directorynameN
    sadmin list-solidified [ -l ] volumename1 ... volumenameN
    sadmin ls [ -l ] volumename1 ... volumenameN

Command: list-unsolidified (lu)
Description: Lists the files, directories, and volumes that are not whitelisted.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin list-unsolidified
    sadmin lu
    sadmin list-unsolidified filename1 ... filenameN
    sadmin lu filename1 ... filenameN
    sadmin list-unsolidified directoryname1 ... directorynameN
    sadmin lu directoryname1 ... directorynameN
    sadmin list-unsolidified volumename1 ... volumenameN
    sadmin lu volumename1 ... volumenameN

Command: lockdown
Description: Disables the local command line interface. After lockdown, you can only issue the help, help-advanced, status, version, and recover commands.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin lockdown

Command: passwd
Description: Sets a password for the command line interface. If the password is set, you must verify the password before executing critical commands. Using the sadmin passwd -d command removes the password.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin passwd
    sadmin passwd -d

Command: read-protect (rp)
Description: Displays or changes the read protection rules. You must specify complete file or directory names with this command.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin read-protect -e pathname1 ... pathnameN
    sadmin read-protect -i pathname1 ... pathnameN
    sadmin read-protect -r pathname1 ... pathnameN
    sadmin read-protect -f
    sadmin read-protect -l

Command: recover
Description: Recovers the local command line interface.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin recover
    sadmin recover -f

Command: ruleengine
Description: Specifies rules on various attributes of a process whose execution is undetermined. This enables the user to allow, block, or monitor its execution. You can combine one or more unique attribute types in one rule using the AND operator.

OS: W
Mode: E, D, U
Syntax:
    sadmin ruleengine add allow processname command_line { matches | not matches } regex
    sadmin ruleengine add allow processname { command_line | user | parent_process_name | path } { equals | not equals } string
    sadmin ruleengine add block processname command_line { matches | not matches } regex
    sadmin ruleengine add block processname { command_line | user | parent_process_name | path } { equals | not equals } string
    sadmin ruleengine add monitor processname command_line { matches | not matches } regex
    sadmin ruleengine add monitor processname { command_line | user | parent_process_name | path } { equals | not equals } string
    sadmin ruleengine remove allow processname command_line { matches | not matches } regex
    sadmin ruleengine remove allow processname { command_line | user | parent_process_name | path } { equals | not equals } string
    sadmin ruleengine remove block processname command_line { matches | not matches } regex
    sadmin ruleengine remove block processname { command_line | user | parent_process_name | path } { equals | not equals } string
    sadmin ruleengine remove monitor processname command_line { matches | not matches } regex
    sadmin ruleengine remove monitor processname { command_line | user | parent_process_name | path } { equals | not equals } string
    sadmin ruleengine list
    sadmin ruleengine flush

Command: skiplist
Description: Bypasses a path component from a feature to remove the protection applied by that feature. You can also define skip rules to skip path components from the whitelist. Use caution and take advice from McAfee Support before applying skiplist rules because doing so can affect the core functionality of the product and might make your system vulnerable to security threats. For more information about skiplist rules, see Skip rules for path components chapter in McAfee Application Control 8.0.0 Product Guide for standalone mode.

OS: W
Mode: E, D, U
Syntax:
    sadmin skiplist add -c pathname1 ... pathnameN
    sadmin skiplist add -d pathname1 ... pathnameN
    sadmin skiplist add -f pathname1 ... pathnameN
    sadmin skiplist add -i pathname1 ... pathnameN
    sadmin skiplist add -r pathname1 ... pathnameN
    sadmin skiplist add -s pathname1 ... pathnameN
    sadmin skiplist add -v pathname1 ... pathnameN
    sadmin skiplist remove -c pathname1 ... pathnameN
    sadmin skiplist remove -d pathname1 ... pathnameN
    sadmin skiplist remove -f pathname1 ... pathnameN
    sadmin skiplist remove -i pathname1 ... pathnameN
    sadmin skiplist remove -r pathname1 ... pathnameN
    sadmin skiplist remove -s pathname1 ... pathnameN
    sadmin skiplist remove -v pathname1 ... pathnameN
    sadmin skiplist list -c
    sadmin skiplist list -d
    sadmin skiplist list -f
    sadmin skiplist list -i
    sadmin skiplist list -r
    sadmin skiplist list -s
    sadmin skiplist list -v
    sadmin skiplist flush -c
    sadmin skiplist flush -d
    sadmin skiplist flush -f
    sadmin skiplist flush -i
    sadmin skiplist flush -r
    sadmin skiplist flush -s
    sadmin skiplist flush -v

Command: solidify (so)
Description: Adds specified files in a directory or system volume to the whitelist. For more information about this command, see McAfee Application Control 8.1.0 Product Guide for standalone mode.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin solidify
    sadmin so
    sadmin solidify [ -q | -v ] filename1 ... filenameN
    sadmin solidify [ -q | -v ] directoryname1 ... directorynameN
    sadmin solidify [ -q | -v ] volumename1 ... volumenameN

Command: status
Description: Displays the status of Application Control. You can view the operational mode, operational mode on system restart, connectivity with McAfee ePO, access status, and whitelist status of the local CLI.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin status
    sadmin status volumename

Command: trusted
Description: Identifies a local or remote share as a trusted file path, volume, or directory. You can include, exclude, remove, list, or flush the trusted volumes or directories.

OS: L
Mode: E, D, U
Syntax:
    sadmin trusted -e pathname1 ... pathnameN
    sadmin trusted -i pathname1 ... pathnameN
    sadmin trusted -r pathname1 ... pathnameN
    sadmin trusted -f
    sadmin trusted -l

OS: W
Mode: E, D, U
Syntax:
    sadmin trusted -e volumesetname1 ... volumesetnameN
    sadmin trusted -e pathname1 ... pathnameN
    sadmin trusted -i volumesetname1 ... volumesetnameN
    sadmin trusted -i pathname1 ... pathnameN
    sadmin trusted -r volumesetname1 ... volumesetnameN
    sadmin trusted -r pathname1 ... pathnameN
    sadmin trusted -f
    sadmin trusted -l
    sadmin trusted -u <local or network path>

Command: unsolidify (unso)
Description: Removes specified files from the whitelist.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin unsolidify [ -v ] filename1 ... filenameN
    sadmin unsolidify [ -v ] directoryname1 ... directorynameN
    sadmin unsolidify [ -v ] volumename1 ... volumenameN

Command: updaters
Description: Adds, deletes, lists, or flushes programs from the list of authorized updaters.

OS: L
Mode: E, D, U
Syntax:
    sadmin updaters add [ -d ] { binaryname }
    sadmin updaters add [ -n ] { binaryname }
    sadmin updaters add [ -p parent-programname ] { binaryname }
    sadmin updaters add [ -t rule-id ] { binaryname }
    sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-programname ] { binaryname }
    sadmin updaters remove { binaryname }
    sadmin updaters remove [ -p parent-programname ] { binaryname }
    sadmin updaters list
    sadmin updaters flush

OS: W
Mode: E, D, U
Syntax:
    sadmin updaters add [ -d ] { binaryname }
    sadmin updaters add [ -l libraryname ] { binaryname }
    sadmin updaters add [ -n ] { binaryname }
    sadmin updaters add [ -p parent-binaryname ] { binaryname }
    sadmin updaters add [ -t rule-id ] { binaryname }
    sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -l libraryname ] { binaryname }
    sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-binaryname ] { binaryname }
    sadmin updaters add [ -t rule-id ] -u username
    sadmin updaters remove { binaryname }
    sadmin updaters remove [ -l libraryname ] { binaryname }
    sadmin updaters remove [ -p parent-binaryname ] { binaryname }
    sadmin updaters remove -u username
    sadmin updaters list
    sadmin updaters flush

Command: version
Description: Displays the version of the installed Application Control.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin version

Command: write-protect (wp)
Description: Write-protects specified files including the whitelisted files. You must specify complete file or directory names with this command.

OS: L, W
Mode: E, D, U
Syntax:
    sadmin write-protect -e pathname1 ... pathnameN
    sadmin write-protect -i pathname1 ... pathnameN
    sadmin write-protect -r pathname1 ... pathnameN
    sadmin write-protect -f
    sadmin write-protect -l

Command: write-protect-reg (wpr)
Description: Write-protects specified registry keys including the whitelisted registry keys.

OS: W
Mode: E, D, U
Syntax:
    sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN
    sadmin write-protect-reg -i registrykeyname1 ... registrykeynameN
    sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN
    sadmin write-protect-reg -l
    sadmin write-protect-reg -f


2 Argument details

This table lists the commands with the supported arguments and their description. In the Argument column, the supported arguments for the commands are listed in alphabetical order.

Table 2-1 Argument details

Command Argument Description

Command: attr
    -a  Always authorizes by file name. This is a deprecated technique. For more information, contact McAfee Support.
    -b  Configures the bypass, restore, list, and flush rules for a component protected using the Mangling technique. This is a deprecated technique. For more information, contact McAfee Support.
    -c  Configures the bypass, restore, list, and flush rules for a component protected using the Critical Address Space Protection technique.
    -f  Bypasses from full crawl attribute. This is a deprecated technique. For more information, contact McAfee Support.
    -h  Adds a binary to MP Compat protection.
    -i  Configures the bypass, restore, list, and flush rules for a binary using the Package Control feature.
    -j  Bypasses a binary from MP Compat protection.
    -l  Configures the bypass, restore, list, and flush rules for a component using the Anti-Debugging technique. This is a deprecated technique. For more information, contact McAfee Support.
    -m  Configures the add, remove, list, and flush rules for blocking the process in the interactive mode.
    -n  Configures the bypass, restore, list, and flush rules for a component using the mp-nx technique.
    -y  Includes child processes for a component to be bypassed using the mp-nx technique. This argument can only be specified with the -n argument.
    -o  Specifies the DLL module name for a specified process. This argument can be used with the -p, -v, and -i arguments. On the Linux platform, use this argument to specify the parent program for the -p attribute.
    -p  Bypasses from process context file operations attribute.
    -u  Always unauthorizes by file name. This is a deprecated technique. For more information, contact McAfee Support.
    -v  Bypasses from Forced DLL relocation attribute.

Command: auth
    -a  Authorizes a binary using the checksum value.
    -b  Bans a binary using the checksum value.
    -c  Specifies the checksum value.
    -f  Flushes all authorized or banned binaries.
    -l  Lists all authorized and banned binaries.
    -r  Removes the authorized or banned binaries.
    -t  Includes the associated tag name for a binary to be banned.
    -u  Authorizes a binary and also provides updater rights when used with the -a and -c arguments.

Command: begin-update (bu)
    workflow-id  Specifies an ID while switching to the Update mode. This ID can be used for tracking purposes in a change management for ticketing system.
    comment  Specifies a descriptive text for the workflow ID.

Command: cert
    -c  Specifies the certificate content as trusted.
    -d  Lists all details of the issuer and subject of the certificates added to the system.
    -u  Provides updater rights to a certificate that is added as a trusted certificate or lists the trusted certificates with updater rights.

Command: check
    -r  Fixes any inconsistencies that are encountered.

Command: config
    -a  Appends the configuration values.

Command: diag
    -f  Applies the diagnosed configuration changes for the restricted programs, such as winlogon.exe and svchost.exe.

Command: disable
    Argument: NA    Description: NA

Command: enable
    Argument: NA    Description: NA

Command: end-update (eu)
    Argument: NA    Description: NA

Command: event
    -a  Adds sinks to the specified event.
    -r  Removes sinks from the specified event.

Command: features
    -d  Lists all features (including the hidden features). For more information, contact McAfee Support.

Command: help
    Argument: NA    Description: NA

Command: help-advanced
    Argument: NA    Description: NA

Command: license
    Argument: NA    Description: NA

Command: list-solidified (ls)
    -l  Lists details of the whitelisted files.

Command: list-unsolidified (lu)
    Argument: NA    Description: NA

Command: lockdown
    Argument: NA    Description: NA

Command: passwd
    -d  Removes the password for using Application Control.


Command: read-protect (rp)
    -e  Excludes specific components from a read-protected directory, or volume.
    -f  Flushes all components from read protection.
    -i  Includes files, directories, or volumes for read protection.
    -l  Lists the read-protected components.
    -r  Removes read protection applied to files, directories, or volumes.

Command: recover
    -f  Forcefully closes the McAfee ePO command and recovers the local CLI.

Command: ruleengine
    allow  A rule type for adding or removing the allow rules on any attribute of a process.
    block  A rule type for adding or removing the block rules on any attribute of a process.
    monitor  A rule type for adding or removing the monitor rules on any attribute of a process.
    command_line  This attribute type specifies the command-line argument to execute a process. A rule type can be applied to either allow, block, or monitor a process when executed using command_line.
    user  This attribute type specifies the user who tries to execute a process. A rule can be applied to either allow, block, or monitor the process started by a user.
    parent_process_name  This attribute type specifies a particular process which a parent process tries to execute. A rule can be applied to either allow, block, or monitor its execution when a parent process tries to execute it.
    path  This attribute type denotes the path where the process resides whose execution is undetermined. A rule can be applied to allow, block, or monitor the process execution from that path.
    regex  A regular expression of one or more characters that defines the search pattern. It describes a grammar that can be constructed based on ECMA script. See this article for more details.
    string  Specifies a string of characters.

Command: skiplist
    -c  Skips path components from the monitoring feature. This command is applicable to Application Control only in Update mode where changes are tracked. User mode paths and paths with volume name do not work with this command.
        Text added with this command is treated as complete component. For example, text can start with a slash (/) and end with a slash (\), dot (.), or null character.
        No events are generated for files that contain the specified text. Also, the whitelist is not updated for such paths.
    -d  Skips path components from write protection to remove write protection applied to all files in that path. User mode paths and paths with volume name do not work with this command.
        Text added with this command is treated as complete component. For example, text can start with a forward slash (/) and end with a backward slash (\), dot (.), or null character.
    -f  Skips path components from file operations and the script-auth feature. User mode paths and paths with volume name do not work with this command.
        Text added with this command is treated as substring in a path. No events are raised and the whitelist is not updated for the skipped path components. Also, script execution control does not work for paths added with this command.
    -i  Skips path components from file operations using the ignore path list. This works similar to the sadmin add -f command.
        User mode paths and paths with volume name do not work with this command.
        When the path components are specified on Windows 64-bit platforms, even the deny-exec feature is skipped.
    -r  Skips registry path components from write protection for registry to remove write protection applied on the registry paths.
        Text added with this command is treated as complete component. For example, text can start with a forward slash (/) and end with a backward slash (\), dot (.), or null character.
    -s  Removes files present under the specified path component and subdirectories from the whitelist.
        Network path names cannot be specified with this command. Volume relative rules can also be specified using *\<vol_rel_name>.
    -v  Bypasses volumes from attaching to Application Control. File system, such as NTFS or FAT, can also be specified with this argument. When you specify a volume name with this argument, Application Control is not attached to that volume. Script-auth and deny-exec features are also not effective on the specified volume. Components in that volume are allowed to execute on the system.
        You can specify a path component using user mode volume names, such as C: and D:. Also, device names, such as \device\harddiskvolume1, and file systems, such as NTFS and FAT, can also be specified.

Command: solidify (so)
    -q  Suppresses all output except for errors.
    -v  Displays all processed components.

Command: status
    Argument: NA    Description: NA


Command: trusted
    -e  Excludes one or more specified paths to the directories or volumes from a list of trusted directories or volumes.
    -f  Removes all directories and volumes from the trusted rule.
    -i  Adds one or more specified paths to the directories or volumes as trusted directories or volumes.
    -l  Lists all trusted directories and volumes.
    -r  Removes the specified directories or volumes from the trusted rule.
    -u  Provides updater rights to all binaries and scripts in the trusted directories or volumes.

Command: unsolidify (unso)
    -v  Displays all processed components.

Command: updaters
    -d  Excludes the child processes of a binary file to be added as an updater from inheriting the updater rights.
    -l  Includes the library name for an execution file to be added as an updater (for Windows).
    -n  Disables event logging for a file to be added as an updater.
    -p  Adds a file as an updater only when it is started by specified parent process.
    -t  Performs these operations:
        • Includes the tags for a file to be added as an updater.
        • Adds a user with a tag name as an updater.
    -u  Adds a user as an updater (for Windows).

Command: version
    Argument: NA    Description: NA

Command: write-protect (wp)
    -e  Excludes specific components from a write-protected directory or volume.
    -f  Flushes all components from write protection.
    -i  Write-protects files, directories, or volumes.
    -l  Lists the write-protected components.
    -r  Removes write protection applied to files, directories, or volumes.

Command: write-protect-reg (wpr)
    -e  Excludes one or more registry keys from write protection.
    -f  Flushes all registry keys from write protection. Flushing the registry keys from write protection removes all write protection rules applied to the registry keys.
    -i  Write-protects registry keys.
    -l  Lists all write-protected registry keys.
    -r  Removes write protection from one or more registry keys.
