Loading...

Knowledge Center


User interface enhancements for exclusion rules in Application Control 7.0.x
Technical Articles ID:   KB86185
Last Modified:  3/3/2017

Environment

McAfee Application Control (MAC) 7.0.x

Summary

This article contains frequently asked questions about the enhancements for exclusion rules in Application Control 7.0.x. You can define exclusions rules to override or bypass the applied memory protection and other techniques.
 
What is new in Application Control 7.0.x exclusion rules?
You can now create skiplist rules for the following:
  • Exclude path from file operations — Bypasses the relative path from file operations using the skiplist -i command. The Relative Path field allows you to specify the relative path.
     
  • Exclude path from write-protection rules — Bypasses the relative path from file write-protection rules using the skiplist -d command. The Relative Path field allows you to specify the relative path.
     
  • Exclude local path and all its contained files and sub-directories from the whitelist — Bypasses the local path and all its contained files and subdirectories from the whitelist using the skiplist –s command. The Path field allows you to specify the local path.
     
  • Exclude volume from Application Control protection — Bypasses the volume from Application Control protection using the skiplist -v command. This option detaches the specified volume from the whitelist. The Volume field allows you to specify the volume.
What has changed in Application Control 7.0.x exclusion rules?
The following has changed:
  • There are updated UI strings for all options.
  • You can create rules for authorized files and unauthorized files from the Binaries tab only.
What will happen after upgrading to Application Control 7.0.x?
The following will happen after the upgrade:
  • Exception rules for a file with multiple attributes will be migrated to a rule for each attribute with the same file or process name.
     
    Example:
     
    Before upgrade:
     
     
    After upgrade:
     
     
  • Rules for Always Authorized (Deprecated) and Always Unauthorized (Deprecated) previously included on the Exceptions tab will be migrated to the Binaries tab.
     
  • For rules for Always Authorized (Deprecated) and Always Unauthorized (Deprecated), a new policy (with the same name and migrated string as the suffix) will be created in the Application Control policy after migration and corresponding rules will be listed on the Binaries tab. You need to manually assign these policies to a group or system.
     
    NOTE: This change will be applied to both Windows and UNIX platforms for:
    • McAfee Default policies and rule groups
    • User-defined policies and rule groups
    • General Exception policies
 

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.