Loading...

Knowledge Center


User interface enhancements in Application Control 7.0.x
Technical Articles ID:   KB86182
Last Modified:  1/19/2016

Environment

McAfee Application Control (MAC) 7.0.x

Summary

This article lists the user interface enhancements in Application Control 7.0.x.
  • Starting with Application Control 7.0.0, file trust level is classified into seven levels of reputation:
     
    Prior to MAC 7.0.0
    (Trust Levels)
    MAC 7.0.0 and later
    (Reputation Levels)
    Good Known Trusted
    Most Likely Trusted
    Might be Trusted
    Bad Might be Malicious
    Most Likely Malicious
    Known Malicious
    Unclassified Unknown
     
  • Inventory page enhancements:
    • Certificate details are available on the Inventory page.
    • Improved application classification by reducing the number of unknown applications. This is achieved by computing the enterprise reputation using file and certificate reputation. For more information, see KB85695.
     
  • Policy Discovery page enhancements:
    • Single-click links to the Inventory, Events, and TIE Reputation pages.
    • Enhanced tool tips to allow copying of Certificate, Object Name, and Binary SHA1 details.
    • Updated hover text for the Activity column. The following table lists the mapping between event type, activity, and hover text.
 
Event Type Scenario Activity Hover Text
Deny Exec (Non-network path)     EXECUTION_DENIED for a binary Application Execution Execution of an application
not in whitelist
EXECUTION_DENIED for a script Script Execution Execution of a script not in
whitelist
EXECUTION_DENIED when Self Approval
pop-up could not be shown and the request
was auto approved
Application Execution
at Startup
Boot Time Execution allowed
for a binary not in whitelist
Deny Write WRITE_DENIED for a non-critical process Binary Modification Whitelisted application modified
by a non-trusted agent
WRITE_DENIED for a critical process and
the action is Modify
Modification of a binary in whitelist
WRITE_DENIED when Self Approval pop-up
could not be shown and the request was
auto approved
Binary Update at Start Up Boot Time Update allowed for
a binary in whitelist
Deny Exec (network path)     EXECUTION_DENIED from network path Network Path Execution Execution from Network Path
Package Control Denial PKG_MODIFICATION_PREVENTED
for MSI-based installers
Software Installation Installation of an application
not in whitelist
Active X Denial ActiveX Installation is prevented ActiveX Installation Installation of an ActiveX
not in whitelist
Memory Protection NX/Process hijack    PROCESS_HIJACKED Memory Protection Violation CASP Memory protection violation for a binary in whitelist
NX_VIOLATION_DETECTED NX Memory protection violation
for a binary in whitelist
VASR_VIOLATION_DETECTED VASR Memory protection violation for a binary in whitelist
Executable extracting MSI files EXECUTION_DENIED for installers Software Installation Installation of an application
not in whitelist
Executable extracting
binary files (exe/dll/driver)
and script files
WRITE_DENIED for binary and script files Binary Addition New binary generated
by a non-trusted agent
Executable removing files Executable removing files Software Uninstallation Uninstall of a software
in whitelist
 
For more information on Application Control Policy Discovery, see KB79576.
  • Events page enhancements:
    • Enhanced the Create Policy link by auto-populating relevant rules.
    • Single-click links to the Policy Discovery, Inventory, and TIE Reputations pages.
    • New attributes (such as MD5, SHA1, Deny Reason, Parent Process, and File Type) included for deny events.
     
  • Exclusions (skiplist) management through policy:
    • Skiplist rules are now configurable from the Application Control and General Exceptions policy.
    • For a list of user interface enhancements in exclusion rules, see KB86185.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.