McAfee Application Control Windows Installation Guide

Similar documents
McAfee Application Control Windows Installation Guide. (Unmanaged)

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator)

McAfee Change Control and McAfee Application Control 8.0.0

McAfee Change Control and McAfee Application Control 6.1.4

McAfee MVISION Endpoint 1808 Installation Guide

Installation Guide. McAfee Change Control and McAfee Application Control 6.1.7

McAfee MVISION Endpoint 1811 Installation Guide

McAfee Change Control and McAfee Application Control 6.1.0

Data Loss Prevention Discover 11.0

McAfee Content Security Reporter Installation Guide. (McAfee epolicy Orchestrator)

Installation Guide. McAfee Endpoint Security for Servers 5.0.0

McAfee Client Proxy Installation Guide

Product Guide. McAfee Endpoint Upgrade Assistant 1.4.0

McAfee File and Removable Media Protection Installation Guide

Installation Guide. McAfee Web Gateway Cloud Service

McAfee Endpoint Upgrade Assistant 2.3.x Product Guide

McAfee Rogue Database Detection For use with epolicy Orchestrator Software

Product Guide. McAfee Endpoint Upgrade Assistant 1.5.0

McAfee Endpoint Security Threat Prevention Installation Guide - macos

McAfee Application Control and McAfee Change Control Linux Product Guide Linux

McAfee Endpoint Security Threat Prevention Installation Guide - Linux

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator 5.9.0)

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator)

Product Guide Revision A. McAfee Client Proxy 2.3.2

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

McAfee Data Protection for Cloud 1.0.1

McAfee epolicy Orchestrator 5.9.1

McAfee Drive Encryption Client Transfer Migration Guide. (McAfee epolicy Orchestrator)

McAfee Boot Attestation Service 3.5.0

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator)

McAfee Client Proxy Product Guide

McAfee Agent Interface Reference Guide. (McAfee epolicy Orchestrator Cloud)

McAfee Content Security Reporter 2.6.x Installation Guide

McAfee Policy Auditor 6.2.2

McAfee Application Control Linux Product Guide. (McAfee epolicy Orchestrator)

McAfee Firewall Enterprise epolicy Orchestrator Extension

McAfee Application Control 6.2.0

McAfee Host Intrusion Prevention 8.0

McAfee Content Security Reporter 2.6.x Migration Guide

Migration Guide. McAfee Content Security Reporter 2.4.0

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide

McAfee Endpoint Security for Servers Product Guide

McAfee MVISION Mobile epo Extension Product Guide

Boot Attestation Service 3.0.0

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

McAfee MVISION Mobile Microsoft Intune Integration Guide

Migration Guide. McAfee File and Removable Media Protection 5.0.0

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee File and Removable Media Protection Product Guide

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0

McAfee Investigator Product Guide

Reference Guide. McAfee Application Control 7.0.0

McAfee File and Removable Media Protection 6.0.0

McAfee Endpoint Security

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee Endpoint Security Installation Guide. (McAfee epolicy Orchestrator)

Reference Guide. McAfee Application Control 8.0.0

McAfee Change Control Linux Product Guide. (McAfee epolicy Orchestrator)

McAfee Agent 5.6.x Product Guide

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator)

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

McAfee Network Security Platform

Product Guide. McAfee Web Gateway Cloud Service

Product Guide. McAfee Performance Optimizer 2.2.0

McAfee Network Security Platform 8.3

Firewall Enterprise epolicy Orchestrator

McAfee Network Security Platform

McAfee epolicy Orchestrator Software

Archiving Service. Exchange server setup (2010) Secure Gateway (SEG) Service Administrative Guides

McAfee Performance Optimizer 2.1.0

McAfee Application Control Linux Product Guide. (Unmanaged)

Addendum. McAfee Virtual Advanced Threat Defense

McAfee Application Control/ McAfee Change Control Administration

McAfee Application Control Windows Product Guide. (McAfee epolicy Orchestrator)

McAfee MVISION Mobile Silverback Integration Guide

McAfee Change Control Using Change Reconciliation and Ticket-based Enforcement

Product Guide. McAfee Web Gateway Cloud Service

Release Notes for McAfee(R) Security for Lotus Domino(TM) Version 7.5 with Patch 2 Hotfix Copyright (C) 2013 McAfee, Inc. All Rights Reserved

McAfee Agent Product Guide. (McAfee epolicy Orchestrator Cloud)

McAfee Management of Native Encryption 3.0.0

McAfee Application Control Windows Product Guide. (Unmanaged)

McAfee SiteAdvisor Enterprise 3.5.0

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee MVISION Mobile Citrix XenMobile Integration Guide

McAfee Application Control 8.0.0

Installing Client Proxy software

McAfee MVISION Mobile MobileIron Integration Guide

McAfee Data Exchange Layer Product Guide. (McAfee epolicy Orchestrator)

Best Practices Guide. Amazon OpsWorks and Data Center Connector for AWS

Addendum. McAfee Virtual Advanced Threat Defense

McAfee Cloud Identity Manager

Release Notes. McAfee Active Response Content Update

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee Drive Encryption Installation Guide. (McAfee epolicy Orchestrator)

McAfee Cloud Workload Security Product Guide

Transcription:

McAfee Application Control 8.2.0 - Windows Installation Guide

COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Application Control 8.2.0 - Windows Installation Guide

Contents 1 Install the software 5 Install the software in a managed environment........................ 5 System requirements.............................. 6 Install the extension manually........................... 6 Install the extension with Software Manager...................... 7 Add the software license key............................ 7 Install the Solidcore client manually......................... 7 Install the Solidcore client with Software Manager.................... 8 Install the Solidcore client on the endpoints...................... 8 Verify the Solidcore client installation........................ 9 Enable the Solidcore client............................ 10 Install the software in a standalone environment....................... 11 System requirements.............................. 11 Download the Solidcore client package....................... 12 Install the software in interactive mode....................... 12 Install the software in silent mode......................... 13 Verify the installation.............................. 14 2 Upgrade the software in a managed environment 17 Upgrade Solidcore extension manually.......................... 17 Upgrade Solidcore extension with Software Manager..................... 18 Verify the Solidcore extension upgrade.......................... 18 Add the Solidcore client package to the repository manually................... 19 Add the Solidcore client package to the repository with Software Manager............. 20 Upgrade the Solidcore client on the endpoints........................ 20 Verify the Solidcore client upgrade............................ 21 3 Upgrade the software in a standalone environment 23 Preparing to upgrade................................. 23 Upgrade in interactive mode.............................. 24 Upgrade in silent mode................................ 24 Verify the upgrade.................................. 25 4 Uninstall the software in a managed environment 27 Remove the Solidcore client.............................. 27 Remove the Solidcore extension............................. 28 Remove the Solidcore client package........................... 28 5 Uninstall the software in a standalone environment 29 Uninstall in interactive mode.............................. 29 Uninstall in silent mode................................ 30 McAfee Application Control 8.2.0 - Windows Installation Guide 3

Contents 4 McAfee Application Control 8.2.0 - Windows Installation Guide

1 1 Install the software You can install McAfee Application Control and McAfee Change Control in a managed McAfee epolicy Orchestrator (McAfee epo ) environment or in an unmanaged environment, also called standalone, or self-managed. McAfee epo is a management tool that installs software and deploys policies on the managed endpoints. It also allows you to monitor client activity, create reports, and store and distribute content and software updates. When you install the software using McAfee epo, you can: Install it manually. Install it using Software Manager. When you install the software in a standalone mode, you can: Install it in silent mode. Install it in interactive mode. Contents Install the software in a managed environment Install the software in a standalone environment Install the software in a managed environment Contents System requirements Install the extension manually Install the extension with Software Manager Add the software license key Install the Solidcore client manually Install the Solidcore client with Software Manager Install the Solidcore client on the endpoints Verify the Solidcore client installation Enable the Solidcore client McAfee Application Control 8.2.0 - Windows Installation Guide 5

1 Install the software Install the software in a managed environment System requirements Before installing Change Control or Application Control, make sure that your environment meets all requirements. To review system requirements for this release, see KB87944. Verify that the McAfee epo server and database are installed and configured. Make sure that McAfee Agent is installed on each endpoint where you want to install Change Control or Application Control. McAfee Agent acts as the intermediary between the Solidcore client and McAfee epo server. It sends data between the two. Download the Solidcore extension package from the McAfee Downloads site. The Solidcore extension file is typically named Solidcore_epo_extn_<version>.<build>.zip. Download the Solidcore client package from the McAfee Downloads site. For Microsoft Windows, download the package SOLIDCOR<version>-<build>_WIN.zip. Make sure that the target platforms where you want to install the Solidcore client are supported. See KB87944 for Change Control and Application Control). Determine the database sizing requirements for your setup. See KB72753 for Change Control and Application Control. Supported McAfee epo versions This release of Application Control and Change Control is compatible with these McAfee epo versions. McAfee epo 5.3.0 5.3.3. McAfee epo 5.9.0 and 5.9.1. McAfee epo 5.10. Install the extension manually The Solidcore extension integrates with the McAfee epo console and provides Change Control and Application Control features. Before you begin Make sure that the extension file is stored at an accessible location. 1 On the McAfee epo console, select Menu Software Extensions to open the Extensions page. 2 Click Install Extension. 3 Browse to and select the Solidcore_epo_extn_<version>.<build>.zip file, then click OK. 4 Verify the information on the Install Extension page, then click OK. 5 Verify that the Solidcore product name appears in the Extensions list. If the product name is not listed or you encounter errors during installation, review the Orion.log file in the <McAfee epo install dir>\server\logs directory to analyze the cause. 6 McAfee Application Control 8.2.0 - Windows Installation Guide

Install the software Install the software in a managed environment 1 Install the extension with Software Manager The Solidcore extension integrates with the McAfee epo console and provides Change Control and Application Control features. 1 On the McAfee epo console, select Menu Software Software Manager. 2 From the Product Categories list, select Software (by Label) Endpoint Security. 3 Select McAfee Application Control 8.2 or McAfee Change Control 8.2. 4 Click Check In for the epo Management Extension. 5 On the Check In Software Summary page, select I accept the terms in the license agreement and click OK. Add the software license key Licenses determine the product features that are enabled in your system. When you install the Solidcore extension, a default evaluation license for Integrity Control lasting 90 days is provided. You can extend this evaluation license for another 90 days or add a full license. The license key determines the features that are enabled. Any or all features can be enabled and used at the same time. 1 On the McAfee epo console, select Menu Configuration Server Settings to open the Setting Categories page. 2 Select Solidcore, then click Edit to open the Edit Solidcore page. 3 Enter the license keys, then click Save. Install the Solidcore client manually The Solidcore client provides change monitoring, change prevention, and whitelisting features. For all supported platforms, the Solidcore client works well on both physical and virtual machines (VM). Before you begin Before you install the Solidcore client, add the Solidcore client package to the McAfee epo repository. 1 On the McAfee epo console, select Menu Software Master Repository. 2 From the Packages in Master Repository page, click Check In Package. 3 Set the package type to Product or Update (.ZIP). 4 Browse to and select the package (.zip) file and click Next to open the Package Options page. 5 Check and confirm the information. Package info: Verify the package details. Branch: Select the branch you want. Set to Current for new products. Options: (Optional) Select Move the existing package to the Previous branch to move an existing package to the Previous branch. McAfee Application Control 8.2.0 - Windows Installation Guide 7

1 Install the software Install the software in a managed environment Package signing: Indicates if the package is signed by McAfee or if it is a third-party package. Conflicting Packages that will be removed: Displays a list of packages, if any, to be deleted. 6 Click Save to add the package. The new package appears in Packages in Master Repository list. Install the Solidcore client with Software Manager The Solidcore client provides change monitoring, change prevention, and whitelisting features. For all supported platforms, the Solidcore client works well on both physical and virtual machines (VM). Before you begin Before you install the Solidcore client, add the Solidcore client package to the McAfee epo repository. 1 On the McAfee epo console, select Menu Software Software Manager. 2 Next to Software Manager, click the Refresh button at the top of the page. Wait until you see a green check next to the button. 3 From the Product Categories list, select Software (by Label) Endpoint Security. 4 Select McAfee Application Control 8.2 or McAfee Change Control 8.2. 5 Click Check In for the Solidcore Client package. 6 On the Check In Software Summary page, select I accept the terms in the license agreement and click OK. Install the Solidcore client on the endpoints The Solidcore client provides change monitoring, change prevention, and whitelisting features. For all supported platforms, the Solidcore client works well on both physical and virtual machines (VM). 1 On the McAfee epo console, select Menu Systems System Tree. 2 Apply the client task to a group or an endpoint: Group -- select a group in the System Tree and click the Assigned Client s tab. Endpoint -- select the endpoint on the Systems page and click Actions Agent Modify s on a Single System. 3 Click Actions New Client Assignment to open the Client Assignment Builder page. 4 Select the McAfee Agent product and Product Deployment task type, then click Create New. a Specify the task name and add any descriptive information. b Select the target platform. For example, when installing the Solidcore client package on the Linux operating system, select Windows as the target platform. 8 McAfee Application Control 8.2.0 - Windows Installation Guide

Install the software Install the software in a managed environment 1 5 Specify the component and action. Select the appropriate package from the Products and components list. Select the Install action. Select the language of the package. Specify the branch where to add the package. 6 Click Save, then click Next to open the Schedule page. a Specify scheduling details. b Click Next. 7 Review and verify the task details, then click Save. 8 (Optional) Click Wake Up Agents to send your client task to the endpoint immediately. Verify the Solidcore client installation The Solidcore client provides change monitoring, change prevention, and whitelisting features. You can verify if the software was installed successfully on an endpoint. 1 On the McAfee epo console, select Menu Systems System Tree. 2 Select a group or endpoint from the list to view its details in the Systems tab. 3 Review logs from the McAfee epo console. a Select a system on the Systems page. b c Select Actions Agent Show Agent Log to view the agent log for the endpoint. Check the log to verify that the software was successfully installed on the endpoint. 4 Review the properties for the system. a Click Wake Up Agents to fetch properties immediately. Typically, information is exchanged between the agent and server after an agent-server communication interval (ASCI). The default ASCI value is 60 minutes. You can send an agent wake-up call to ensure immediate communication and data exchange between the server and the agent, without waiting for the ASCI to expire. b c Click a system on the Systems page to view its details. Click the Products tab and review the Solidcore version. Click the row to review additional information, including the product version and installation path. If the Solidcore information is not listed, check the log files on the endpoint to verify that the software was successfully installed. If the Solidcore client installation fails, the log files provide information about the cause for failure. Logs files are located in /var/log/mcafee/solidcore and installation logs in /var /log/mcafee/solidcore/solidcores3_install*.log. McAfee Application Control 8.2.0 - Windows Installation Guide 9

1 Install the software Install the software in a managed environment Enable the Solidcore client The Solidcore client must be in Enabled mode to be activated. 1 On the McAfee epo console, select Menu Systems System Tree. 2 Apply the client task to a group or an endpoint: Group select a group in the System Tree and click the Assigned Client s tab. Endpoint select the endpoint on the Systems page and click Actions Agent Modify s on a Single System. 3 Click Actions New Client Assignment to open the Client Assignment Builder page. a Select the Solidcore 8.2.0 product and SC: Enable task type, then click Create New. b c On the Client Catalog page, specify the task name and add any descriptive information. Select the platform, the subplatform, and indicate whether to enable Change Control, Application Control, or both. 4 To enable Change Control: Windows all No configuration is needed. Windows NT and Windows 2000 Select Reboot endpoint to restart the endpoint. On the Windows platforms, a pop-up message is displayed at the endpoint 5 minutes before the endpoint is restarted. This allows the user to save work and data on the endpoint. 5 To enable Application Control: Windows all 1 Specify the scan priority. This determines the priority of the thread that is run to create the whitelist on the endpoints. Set the scan priority to Low. This makes sure that Application Control causes minimal performance impact on the endpoints but might take longer (than when you set the priority to High) to create the whitelist. 2 Specify the activation option. Limited Feature Activation The endpoints are not restarted and limited features of Application Control are activated. Memory Protection features are available only after the endpoint is restarted. Full Feature Activation The endpoints are restarted, whitelist created, and all features of Application Control including Memory Protection are active. Restarting the endpoints is needed to enable the memory protection features. The endpoint is restarted 5 minutes after the client task is received at the endpoint. A pop-up message is displayed on the endpoint before the endpoint is restarted. 3 Select Start Observe Mode to place the endpoints in Observe mode. 4 (Optional) Select Pull Inventory. If you select this option, the software fetches the inventory details for the endpoints (after the whitelist is created) and makes the details available on the McAfee epo console after ASCI. Select this option if you want to manage the inventory using the McAfee epo console. 10 McAfee Application Control 8.2.0 - Windows Installation Guide

Install the software Install the software in a standalone environment 1 Windows NT or Windows 2000 Select Reboot endpoint checkbox to restart the endpoint after solidification is complete. Restarting the system is needed to enable the software. A pop-up message is displayed at the endpoint 5 minutes before the endpoint is restarted. This allows the user to save work and data on the endpoint. 6 Click Save, then click Next to open the Schedule page. a Specify scheduling details, then click Next. b Review and verify the task details, then click Save. 7 (Optional) Click Wake Up Agents to send your client task to the endpoint immediately. 8 Verify that the software is enabled. a Click Wake Up Agents to fetch properties immediately. b c Click a system on the Systems page. The details for the selected system are displayed. Select the Products tab and review the Solidcore version. Click the row to review the license status. Install the software in a standalone environment You can install Change Control or Application Control in the standalone configuration, also called unmanaged, or self-managed. For all supported platforms, the software works on physical and virtual machines (VM). You can install the software in one of these modes. Interactive mode An installation wizard guides you through the steps required to configure and install the software. Silent mode Installation is non-interactive installation with no progress bar or displayed messages. Recommended for medium- and large-scale deployments. Contents System requirements Download the Solidcore client package Install the software in interactive mode Install the software in silent mode Verify the installation System requirements Before installing Change Control or Application Control, review these guidelines and make sure that your environment meets these requirements. Verify that the system doesn't have an existing installation. Installation might fail if another instance of the software is already installed and the software is in Enabled mode. If upgrade is not supported from the installed version, uninstall the existing version before installing the new version. Download the license key from the McAfee Downloads site. Keep it handy before starting the installation. Review the minimum system requirements, supported operating systems, and supported file systems for Change Control and Application Control (see KB87944). McAfee Application Control 8.2.0 - Windows Installation Guide 11

1 Install the software Install the software in a standalone environment Review these platform-specific requirements. Make sure that the product is not installed in the <SYSTEM_VOLUME>\Solidcore directory or its subdirectories. Make sure that the product is installed on a system drive. If you have other file-security programs (anti-virus programs or file-encryption programs) installed and running on your system, create a registry key named DfsIrpStackSize under HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\Mup\Parameters and set its decimal value to 10. If this registry key exists, make sure that its decimal value is set to 10. Download the Solidcore client package The Solidcore client is the software component that provides change monitoring, change prevention, and whitelisting features. Download the Solidcore client package before installing the Solicore client. 1 Download the package from the McAfee Downloads site. The available Solidcore client package for Windows is SOLIDCOR<version> <build>_win.zip. In the file name, <version> and <build> represent the version and build number associated with the product. 2 Save the package file to an accessible location. 3 Open the package file. The Solidcore client package file includes the installers for all operating systems. 4 Extract the required installer. For the Windows operating system, different installers are available based on the target architecture and distribution. Each installer file name uses the setup win <os> <arch> <rel>.<build>.exe syntax. In the syntax: <arch> x86 for 32-bit architecture amd64 for AMD 64-bit architecture <os> Indicates the operating system to which the installer applies. Install the software in interactive mode In interactive mode, the installer starts a wizard that guides you through the installation process. 1 Log on to the system with administrator rights. 2 Navigate to the directory with the installer file and start the installer. For Windows 2008, Windows 2008 R2, Windows 7 (with UAC enabled), Windows 8.1, Windows 2012, or Windows 10, right-click the installer file in Windows Explorer and select Run as administrator. For other Windows platforms, double-click the installer file in Windows Explorer. 3 On the Welcome page, click Next to display the License Agreement page. 12 McAfee Application Control 8.2.0 - Windows Installation Guide

Install the software Install the software in a standalone environment 1 4 Accept the terms of the license agreement, then click Next to display the Customer Information page. a Enter the user and company information. b Enter the license key in the Serial Number field or select Install without license key. 5 Click Next to open the Destination Folder page. a Specify the installation folder. By default, the software files are placed in the <system drive>:\program Files\McAfee \Solidcore folder. b (Optional) Click Browse to specify a batch file (with commands) or an executable file to use in post-installation configuration. The specified file is started automatically after the software is installed in the system. 6 In the Ready to Install the Program page, click Install to begin the installation. 7 Click Finish to complete the installation. Install the software in silent mode To install the software in silent mode, use the provided command-line options to suppress all interaction and provide parameters for all options. When you install in silent mode, no messages are displayed. Instead, a log McAfee Application Control 8.2.0 - Windows Installation Guide 13

1 Install the software Install the software in a standalone environment file captures installation information, including whether the installation was successful. You can review the log file and determine the installation results. 1 Log on to the system with administrator rights. 2 Verify that the required installer is available. 3 Open a command window and run one of these commands. <installer-file> /s /v" /qn SERIALNUMBER=xxxx-xxxx-xxxx-xxxx-xxxx" <installer-file> /s /v" /qn UNLICVER=1" Notice the double quotes (") after /v and space between /s and /v. There is no space between /v and double quotes ("). Here is a description of all possible arguments for the command. In addition to the SERIALNUMBER or UNLICVER arguments, you can optionally specify one or more of these arguments with the command. Argument Description SERIALNUMBER Specify the license key for the installation. <installer-file> /s /v" /qn SERIALNUMBER=xxxx-xxxx-xxxx-xxxx-xxxx" UNLICVER SHORTCUT POSTINSTALL INSTALLDIR /l+*v Install the software without specifying the license key. Possible values for this argument are 0 and 1. A value of 1 indicates that you are installing the software without using the license key. <installer-file> /s /v" /qn UNLICVER=1" Create a desktop shortcut to access the command-line tool. Possible values for this argument are 0 and 1. Specify a value of 1 to create the shortcut and 0 to skip the shortcut creation. <installer-file> /s /v" /qn UNLICVER=1 SHORTCUT=1" Specify a file to perform post-installation configuration on the system. To specify file paths that contain spaces, enclose the paths in double quotes ("). <installer-file> /s /v" /qn UNLICVER=1 POSTINSTALL=\"C:\\My Dir\ \batch.exe\"" Install the software at a user-specified location. With this argument, you can specify a folder path of up to 240 characters (total string length including special characters). <installer-file> /s /v" /qn SERIALNUMBER=xxxx-xxxx-xxxx-xxxx-xxxx INSTALLDIR=\"C:\\My Dir\\McAfee\\Solidcore\"" Change the default location of the Solidcore_Installer.log file. By default, this file is placed in the SYSTEMROOT directory. <installer-file> /s /v" /qn UNLICVER=1 /l+*v \"C:\ \Solidcore_Installer.log\"" Verify the installation You can verify if the software was installed successfully on an endpoint. Check if these components exist: An entry for McAfee Solidifier is added to the Programs menu. The swin.sys file is added to the %SystemRoot%\Windows\System32\drivers location. The McAfee Solidifier Service is added under Windows services. 14 McAfee Application Control 8.2.0 - Windows Installation Guide

Install the software Install the software in a standalone environment 1 Product-specific registry settings are created: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsrvc Additional files are placed in the installation directory. These files are internal to the product and should not be changed. Solidcore_Installer.log and solidcore_setup.log files are created under %SYSTEMROOT%. You can view the log file contents to verify if errors occurred during the installation. McAfee Application Control 8.2.0 - Windows Installation Guide 15

1 Install the software Install the software in a standalone environment 16 McAfee Application Control 8.2.0 - Windows Installation Guide

2 Upgrade 2 the software in a managed environment Contents Upgrade Solidcore extension manually Upgrade Solidcore extension with Software Manager Verify the Solidcore extension upgrade Add the Solidcore client package to the repository manually Add the Solidcore client package to the repository with Software Manager Upgrade the Solidcore client on the endpoints Verify the Solidcore client upgrade Upgrade Solidcore extension manually To access the new features in a release, you must upgrade the Solidcore extension. Before you begin Stop the McAfee epo Event Parser service. Back up the relevant files. 1 Select Control Panel Administrative Tools Services. 2 Right-click the McAfee epolicy Orchestrator <version> Event Parser service and click Stop. 3 Back up these items. McAfee epo database <McAfee epo install dir>\server\extensions\installed\solidcore directory <McAfee epo install dir>\server\conf\catalina\localhost\solidcore_meta.xml file 4 On the McAfee epo console, select Menu Software Extensions to open the Extensions page. 5 Click Install Extension, browse to and select the Solidcore_epo_extn_<ver>.<build>.zip file, then click OK. 6 Verify the information about the Install Extension page, then click OK. McAfee Application Control 8.2.0 - Windows Installation Guide 17

2 Upgrade the software in a managed environment Upgrade Solidcore extension with Software Manager Upgrade Solidcore extension with Software Manager Upgrade the Solidcore extension to access the new features in a release. You can also upgrade the Solidcore extension using Software Manager. Before you begin Stop the McAfee epo Event Parser service. Back up the relevant files. 1 Select Control Panel Administrative Tools Services. 2 Right-click the McAfee epolicy Orchestrator <version> Event Parser service, click Stop, and back up these items: McAfee epo database. <McAfee epo install dir>\server\extensions\installed\solidcore directory. <McAfee epo install dir>\server\conf\catalina\localhost\solidcore_meta.xml file. 3 On the McAfee epo console, select Menu Software Software Manager. 4 From the Product Categories list, select Software (by Label) Endpoint Security. 5 Select McAfee Application Control 8.2.0 or McAfee Change Control 8.2.0. 6 Click Update for the epo Management Extension. 7 On the Update Software Summary page, click OK. Verify the Solidcore extension upgrade To access the new features in a release, you must check if the Solidcore extension was upgraded successfully. 1 Check if the Solidcore product name appears in the Extensions list. If the product name is not listed or you encounter errors during upgrade, review the Orion.log file in the <McAfee epo install dir>\server\logs directory to analyze the cause of the failure. After you upgrade the Solidcore extension, the domain NetBIOS Name is not available for existing users imported directly from an Active Directory to rule groups and policies. To make sure the domain NetBIOS Name is available for such users, delete and reimport users from the Active Directory. After the upgrade, any users that you import from the Active Directory and add to new or existing rule groups and policies automatically include the domain NetBIOS Name. 2 Start the McAfee epo Event Parser service. a Select Control Panel Administrative Tools Services. b Right-click the McAfee epolicy Orchestrator <version> Event Parser service and click Start. 18 McAfee Application Control 8.2.0 - Windows Installation Guide

Upgrade the software in a managed environment Add the Solidcore client package to the repository manually 2 3 Verify that migration of data was successful. a On the McAfee epo console, select Menu Automation Server Log. b c Check if the Solidcore: Migration server task is complete. This server task completes upgrade-related activities. If the task is in progress, wait until the task completes. Make sure you do not edit any existing settings while this task is in progress. If the migration fails, review the Server Log, resolve any issues, and run the Solidcore: Migration server task manually to complete the migration. 4 (Optional) Run the Rule Group Sanity Check server task from the McAfee epo console to fix the inconsistencies in the rule groups. This task updates and corrects the Solidcore Rule Group for errors in installers and certificates. This task also issues warnings for trusted groups related issues. a b c d e f g On the McAfee epo console, select Menu Automation Server s. Click New to open the Server Builder wizard. Type the task name and click Next. Select Solidcore: Rule Group Sanity Check from the Actions drop-down list, then click Next. Specify the schedule for the task, then click Next to open the Summary page. Review the task summary and click Save. Review the logs generated by the server task (on the Server Log page) to view the warnings, if any. Add the Solidcore client package to the repository manually Before you can upgrade, you must add the Solidcore client package to the McAfee epo Master Repository. Before you begin To review system requirements, see KB76459. 1 On the McAfee epo console, select Menu Software Master Repository to open the Packages in Master Repository page. 2 Click Check In Package. 3 Set the package type to Product or Update (.ZIP). 4 Browse to and select the package (.zip) file, then click Next to open the Package Options page. 5 Check and confirm the information. Package info: Verify the package details. Branch: Select the branch you want. Set to Current for new products. Options: (Optional) Select the Move the existing package to the Previous branch option to move an existing package to the Previous branch. McAfee Application Control 8.2.0 - Windows Installation Guide 19

2 Upgrade the software in a managed environment Add the Solidcore client package to the repository with Software Manager Package signing: Indicates if the package is signed by McAfee or if it is a third-party package. Conflicting Packages that will be removed: Displays a list of packages, if any, to be deleted. 6 Click Save to check in the package. The new package appears in Packages in Master Repository list. Add the Solidcore client package to the repository with Software Manager Before you can upgrade, you must add the Solidcore client package to the McAfee epo repository. You can add it automatically using Software Manager. Before you begin To review system requirements, see KB76459. 1 On the McAfee epo console, select Menu Software Software Manager. 2 Click the Refresh button at the top of the page, next to Software Manager. Wait until you see a green check next to the button. 3 From the Product Categories list, select Software (by Label) Endpoint Security. 4 Select McAfee Application Control 8.2 or McAfee Change Control 8.2. 5 Under Components, select the build you want to install. Check the build number under Available Version and Additional Check In Details. 6 Click Update for the Solidcore Client package. 7 On the Update Software Summary page, click OK. Upgrade the Solidcore client on the endpoints You must upgrade the Solidcore client on the endpoints to access new features available in the recent version. 1 On the McAfee epo console, select Menu Systems System Tree. 2 Apply the client task to a group or an endpoint: Group Select a group in the System Tree and click the Assigned Client s tab. Endpoint Select the endpoint on the Systems page and click Actions Agent Modify s on a Single System. 3 Click Actions New Client Assignment to open the Client Assignment Builder page. 4 Select the McAfee Agent product, Product Deployment task type, then click Create New to open the Client Catalog page. 20 McAfee Application Control 8.2.0 - Windows Installation Guide

Upgrade the software in a managed environment Verify the Solidcore client upgrade 2 5 Specify the task name, add any descriptive information, select the target platform, then specify the component and action: Select the appropriate package from the Products and components list. Select the Install action. Select the language of the package. Set branch to Current for new packages. 6 Click Save, then click Next to open the Schedule page. 7 Specify scheduling details, click Next, then click Save. 8 Restart the endpoints. Verify the Solidcore client upgrade Once you upgrade the Solidcore client, you can check if it was upgraded successfully on an endpoint. 1 On the McAfee epo console, select Menu Systems System Tree. 2 Select a group or endpoint from the list to view its details in the Systems tab. 3 Review logs from the McAfee epo console. a Select an endpoint on the Systems page. b c Select Actions Agent Show Agent Log to view the agent log for the endpoint. Check the log to verify that the software was successfully upgraded on the endpoint. 4 Review the properties for the endpoint. a Click Wake Up Agents to fetch properties immediately. b c Click an endpoint on the Systems page to view its details. Select the Products tab and review the Solidcore version. Click the row to review additional information, including the product version and installation path. If the Solidcore information is not listed or is incorrect, check the log files on the endpoint to verify that the software was successfully upgraded. If the Solidcore client upgrade fails, the log files provide information about the cause for failure. McAfee Application Control 8.2.0 - Windows Installation Guide 21

2 Upgrade the software in a managed environment Verify the Solidcore client upgrade 22 McAfee Application Control 8.2.0 - Windows Installation Guide

3 Upgrade the software in a standalone environment You can upgrade Change Control or Application Control in the standalone configuration, also called unmanaged or self-managed. You can upgrade the software in one of these modes: Interactive mode An installation wizard guides you through the steps required to upgrade the software. Silent mode Upgrade is non-interactive with no progress bar or displayed messages. Instead, a log file captures information, including whether the upgrade was successful. You can review the log file and determine the results of the upgrade. Recommended for medium- and large-scale deployments. Contents Preparing to upgrade Upgrade in interactive mode Upgrade in silent mode Verify the upgrade Preparing to upgrade Before upgrading the software, review these guidelines and make sure that your environment meets all requirements. Upgrade is possible only at the existing installation location. Upgrading to an alternative path is not supported. Upgrade is supported in Update, Enabled, and Disabled modes. You can upgrade the software in Enabled mode on all supported Windows platforms. If you are using a software distribution tool to upgrade in Enabled mode, assign updater rights to all relevant binary files of the software distribution tool. To assign updater rights to a file, use this command: updaters add <binary file> If you upgrade in Disabled mode, make sure that you re-create the whitelist for the system when using the software. The default rule list (as available in a fresh installation) isn't imported on an upgrade. All existing monitoring, filter, read-protect, and write-protect rules applied before upgrade remain intact. Restart the system after you upgrade the software. McAfee Application Control 8.2.0 - Windows Installation Guide 23

3 Upgrade the software in a standalone environment Upgrade in interactive mode Upgrade in interactive mode You can upgrade the software in interactive mode on a Windows system. 1 Log on to the system with administrator rights. 2 Navigate to the directory with the installer file. 3 Switch to Update mode. > sadmin begin-update If your system is in Enabled or Disabled mode, you can upgrade in the current mode. In Enabled mode, you can upgrade the software on all supported Windows platforms. Before using a software distribution tool to upgrade in Enabled mode, assign updater rights to all relevant binary files. To assign updater rights to a file, use the updaters add <binary file> command. 4 Start the installer. For Windows 2008, Windows 2008 R2, Windows 7 (with UAC enabled), Windows 8.1 or Windows 2012, right-click the installer file in Windows Explorer and select Run as administrator. For other Windows platforms, double-click the installer file in Windows Explorer. A message prompts you to confirm if you want to upgrade the software. Click Yes to continue. 5 Click Next to begin the upgrade. 6 When the Update Complete page appears, click Finish. 7 When prompted to restart the system, click Yes. 8 Exit Update mode. > sadmin end-update This step places the system in Enabled mode. Upgrade in silent mode You can upgrade the software in Silent mode. If your system is in Enabled or Disabled mode, you can upgrade in the current mode. In Enabled mode, you can upgrade the software on all supported Windows platforms. Before using a software distribution tool to upgrade in Enabled mode, assign updater rights to all relevant binary files. To assign updater rights to a file, use the updaters add <binary file> command. 1 Log on to the system with administrator rights. 2 Verify that the required installer is available. 3 Open a command window and switch to Update mode. > sadmin begin-update 24 McAfee Application Control 8.2.0 - Windows Installation Guide

Upgrade the software in a standalone environment Verify the upgrade 3 4 Run one of these commands. <installer-file> /s /v" /qn <installer-file> /s /v" /qn Notice the double quotes (") after /v and space between /s and /v. There is no space between /v and double quotes ("). Here is a description of all possible arguments for the command. You can optionally specify one or more of these arguments. Argument SHORTCUT Description Create a desktop shortcut to access the command-line tool. Possible values for this argument are 0 and 1. Specify a value of 1 to create the shortcut and 0 to skip the shortcut creation. <installer-file> /s /v" /qn UNLICVER=1 SHORTCUT=1" POSTINSTALL Specify a file to perform post-installation configuration on the system. To specify file paths that contain spaces, enclose the paths in double quotes ("). <installer-file> /s /v" /qn UNLICVER=1 POSTINSTALL=\"C:\\My Dir\ \batch.exe\"" INSTALLDIR /l+*v Install the software at a user-specified location. With this argument, you can specify a folder path of up to 240 characters (total string length including special characters). <installer-file> /s /v" /qn SERIALNUMBER=xxxx-xxxx-xxxx-xxxx-xxxx INSTALLDIR=\"C:\\My Dir\\McAfee\\Solidcore\"" Change the default location of the Solidcore_Installer.log file. By default, this file is placed in the SYSTEMROOT directory. <installer-file> /s /v" /qn UNLICVER=1 /l+*v \"C:\ \Solidcore_Installer.log\"" 5 Restart the system to complete the upgrade. 6 Exit Update mode. > sadmin end-update This step places the system in Enabled mode. Verify the upgrade You can verify if the software was upgraded successfully. 1 Run the sadmin version command to verify that the correct version of the software is listed. 2 Check if these components still exist: An entry for McAfee Solidifier in the Programs menu. The swin.sys file at the %SystemRoot%\Windows\System32\drivers location. The McAfee Solidifier Service under Windows services. Product-specific registry settings: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsrvc McAfee Application Control 8.2.0 - Windows Installation Guide 25

3 Upgrade the software in a standalone environment Verify the upgrade Additional files in the installation directory. These files are internal to the product and cannot be changed. Solidcore_Installer.log and solidcore_setup.log files under %SYSTEMROOT%. You can view the log file contents to verify if errors occurred during the upgrade. 26 McAfee Application Control 8.2.0 - Windows Installation Guide

4 Uninstall 4 the software in a managed environment Contents Remove the Solidcore client Remove the Solidcore extension Remove the Solidcore client package Remove the Solidcore client You must remove the Solidcore client from the endpoints to uninstall the software. 1 Place the endpoints in Disabled mode. 2 Restart the endpoints. 3 On the McAfee epo console, select Menu Systems System Tree. 4 Perform one of these actions: To apply the client task to a group, select a group in the System Tree and switch to the Assigned Client s tab. To apply the client task to an endpoint, select the endpoint on the Systems page and click Actions Agent Modify s on a Single System. 5 Click Actions New Client Assignment to open the Client Assignment Builder page. 6 Select the McAfee Agent product, Product Deployment task type, and click Create New to open the Client Catalog page. 7 Specify the task name, add any descriptive information, select the platform, and specify the components and action: Select the appropriate package from the Products and components list, then click Remove. Select the language of the package and Set branch to Current for new packages. 8 Click Save, then click Next to open the Schedule page. Specify scheduling details and click Next and Save. McAfee Application Control 8.2.0 - Windows Installation Guide 27

4 Uninstall the software in a managed environment Remove the Solidcore extension 9 Verify the Solidcore client removal. a Click Wake Up Agents to fetch properties immediately. Typically, information is exchanged between the agent and the server after an agent-server communication interval (ASCI). The default ASCI value is 60 minutes. Send an agent wake-up call to verify immediate communication and data exchange between the server and the agent, without waiting for the ASCI to expire. b c Click an endpoint on the Systems page to view details for the selected endpoint. Click the Products tab and make sure that Solidcore is not listed. Remove the Solidcore extension You must remove the Solidcore extension from the McAfee epo server to successfully uninstall the software. If you uninstall the Solidcore extension, the extension is removed from the McAfee epo server and database with all associated policies and tables. 1 On the McAfee epo console, select Menu Software Extensions to open the Extensions page. 2 Select Solidcore from the Extensions list. 3 Click Remove. 4 Verify that the Solidcore product name no longer appears in the Extensions list. If the product name is not removed or you encounter errors when you uninstall, review the Orion.log file in the <McAfee epo install dir>\server\logs directory to analyze the cause of the failure. Remove the Solidcore client package You must remove the Solidcore client package from the McAfee epo server to successfully uninstall the software. 1 On the McAfee epo console, select Menu Software Master Repository to open the Packages in Master Repository page. 2 Select Delete for a package. 28 McAfee Application Control 8.2.0 - Windows Installation Guide

5 Uninstall 5 the software in a standalone environment Contents Uninstall in interactive mode Uninstall in silent mode Uninstall in interactive mode You can uninstall the software in interactive mode. The installer starts a wizard that guides you through the uninstallation. 1 Log on to the system with administrator rights. 2 Switch to Disabled mode. > sadmin disable Disabling the software requires a system reboot. 3 Start the installer. For Windows 7 and later, navigate to and open the Programs and Features window. For other Windows platforms, navigate to and open the Add or Remove Programs window. 4 Select McAfee Solidifier from the list of programs and click Remove. A message prompts you to confirm if you want to remove the software. 5 Click Yes to continue. The software is removed from the system. During uninstallation, all software-related files are removed from the system. A few files might remain in your system. Perform these steps to remove the remaining files: Empty the Solidcore folder in the installation directory (typically, C:\Program Files\McAfee) Empty the Certificate folder if it contains any public certificates. If needed, you can manually delete these components. McAfee Application Control 8.2.0 - Windows Installation Guide 29

5 Uninstall the software in a standalone environment Uninstall in silent mode Uninstall in silent mode You can uninstall the software in silent mode. To perform a silent uninstall, use the command-line options to suppress interaction and provide parameters for all options. 1 Log on to the system with administrator rights. 2 Open a command window and switch to Disabled mode. > sadmin disable Disabling the software requires a system reboot. 3 Run this command. %SYSTEMROOT%\system32\msiexec.exe /X{432DB9E4-6388-432F-9ADB-61E8782F4593} /qn After uninstalling the software, check if components have been deleted: An entry for McAfee Solidifier is not added to the Programs menu. The swin.sys file is not at the %SystemRoot%\Windows\System32\drivers location. The McAfee Solidifier Service is not under Windows services. Product-specific registry settings have been deleted: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsrvc Additional files are not in the installation directory. Solidcore_Installer.log and solidcore_setup.log files are not under %SYSTEMROOT%. 30 McAfee Application Control 8.2.0 - Windows Installation Guide

0-00

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback