Reference |
Article |
Found in Version |
Resolved in Version |
Description |
|
KB79201 |
|
|
Issue: For JAR files, the Java interpreter can run a JAR file from any extension. Renaming a valid JAR file to a file with a different extension still allows it to be executed.
Workaround: See the Knowledge Base article for details. |
801531 |
|
|
|
Issue: If Driver Verifier (verifier.exe) is enabled, MAC / MCC might not function as expected. |
608418 |
|
|
|
Issue: The Original Username reported in events is the same as the Username. |
600805 |
|
|
|
Issue: While opening a write-protected network share in File Explorer, a few deny-write errors are observed. |
603747 |
|
|
|
Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes. |
608036 |
|
|
|
Issue: Mapped drive names cannot be used in commands issued by remote users/ePO. |
595570
595025
595511
595615
597243
598406
595043
607434
607899
611229
|
|
|
|
Issue: The following applications are incompatible with the Solidcore Agent for Windows. Contact Technical Support for further assistance.
- Panda Titanium Antivirus 2005
- Spyware Doctor
- BlackIce
- Trojan Hunter
- BitDefender
- BufferZone
- Twister Anti-Trojan Virus 2005
- Trend Micro OfficeScan 8.0, Trend Micro Antivirus 2008
- Double-Take
- Cisco Security Agent
|
594579
|
|
|
|
Issue: Unsolidified scripts cannot be copied using the MS-DOS command prompt on a solidified system. Any read access to unsolidified scripts by a script interpreter configured for that script is denied, which generates unauthorized execution events. To avoid these problems, perform the file operation using Windows Explorer. |
608647 |
|
|
|
Issue: On 64-bit systems, multiple events might get generated when an unauthorized binary file is executed. The Windows operating system tries to run the binary multiple times by using a reduced set of attributes until final failure. |
608745 |
|
|
|
Issue: Files that are read-protected by the user (using the 'sadmin read-protect' command) cannot be solidified. |
643688
|
|
|
|
Issue: If you try an ActiveX installation before enabling the ActiveX feature and retry the installation after enabling the ActiveX feature, ActiveX might not get installed properly.
Workaround: If the ActiveX installation fails, delete all files in the \windows\downloaded program files directory on the endpoint, and remove all .cab files in the temporary Internet files. Then, install the ActiveX control on the endpoint. |
602194 |
|
|
|
Issue: The package control feature is not able to stop the installation of some applications, such as Gvim and Winrar. |
616147 |
|
|
|
Issue: For standalone Solidcore Agent installation (in other words, installation not done via ePO) on endpoints where Oracle is installed, you must run finetune.bat manually at the endpoints to apply Oracle-specific rules. |
599348 |
|
|
|
Issue: On viewing the properties of a file on the local drive, deny-write and deny-exec events are generated for the solidified and unsolidified files, respectively. |
601126 |
|
|
|
Issue: When copying solidified files to a rewritable CD, although the files are copied successfully, deny-write errors are logged. |
601427 |
|
|
|
Issue: On 64-bit platforms, Enum or Performance in sub keys is bypassed from Solidcore Agent protection. Thus, when you delete a write-protected registry key with Enum or Performance in sub keys, you might get a partial completion status. |
616089 |
|
|
|
Issue: In the output of the sadmin diag command on the Spanish locale, read 'actualizadores agregar' as 'updaters add'.
For example, the following output:
* actualizadores agregar -t DIAG: cmd.exe -p explorer.exe ""cmd.exe""
Should be read as:
* updaters add -t DIAG: cmd.exe -p explorer.exe ""cmd.exe""
|
600748 |
|
|
|
Issue: Multiple deny write events can get generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt. |
695246 |
|
|
|
Issue: Although the Solidcore NX protection is based on system DEP, it is possible that some applications work with system DEP but not with Solidcore NX. In such cases, if processes are added to the Solidcore NX bypass list, the system DEP protection is enabled for the processes. |
720663 |
|
|
|
Issue: Editing the Updater Label for an existing trusted publisher in an Application Control policy fails. Although the label changes in the ePO console, the change is not reflected on the endpoints. |
713989 |
|
|
|
Issue: If Application Control and Spector are installed on an endpoint and MP-CASP is enabled, Internet Explorer crashes. |
652602 |
|
|
|
Issue: If you disable the deny-exec-exes feature on any Windows (64-bit) operating system, change the extension of an exe to .sys, and try to run the .sys file, execution of the .sys file is prevented. Or, if you change the file extension to dll, you can run the file even if the deny-exex-dlls feature is enabled. |
607574 |
|
|
|
Issue: On opening a network share (for systems running Windows Vista, Windows 7, and Windows 2008), deny-write and deny-exec events are generated for the binary files present on the network share. These events occur because Windows Explorer tries to fetch the icons for the files stored on the network share. |
768708 |
|
|
|
Issue: You are unable to set the flag fs-passthru 'p' and the flag vasr forced reloc 'v' together with the extra information flag 'o' in the attr command. |
770362 |
|
|
|
Issue: You are unable to set more than one dll to bypass from VASR forced reloc. |
794445 |
|
|
|
Issue: Solidified batch files, when copied using another batch file, fail. |
803731 |
|
|
|
Issue: With network tracking disabled, Self Approval functionality does not work for network shares. |
803948 |
|
|
|
Issue: Deny-Exec on a Script file is reported if Network tracking is disabled on a 64-bit architecture. |
808857 |
|
|
|
Issue: A Self Approval pop-up displays if a file is opened with the execute flag even if the file is not executed. |
808964 |
|
|
|
Issue: An Auth rule for a process making file changes does not get added correctly if allowed through Self Approval. |
812964 |
|
|
|
Issue: If you remove the Updater flag for a certificate rule, the certificate is still listed as an Updater on the endpoint. |
816108 |
|
|
|
Issue: A file, authorized by checksum, is denied for execution when run from a network share. |
810072 |
|
|
|
Issue: While running a 16-bit executable with Self Approval enabled, the file type is listing as script. |
819876 |
|
|
|
Issue: A process that does not work as an Updater is configured as an Updater through auth by checksum.
Workaround: Configure the process as an Updater by name. |
888634
|
|
|
|
Issue: An unclean uninstallation of Adobe Flash Player occurs when pkg-ctrl-allow-uninstall is enabled.
Workaround: sadmin updaters add "C: \WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe". |
888632
|
|
|
|
Issue: A repair of .NET 3.5 fails.
Workaround: Add the below Updater rules:
- C: \WINDOWS\system32\msiexec.exe
- C: \WINDOWS\syswow64\msiexec.exe
|
885091
|
KB78642 |
|
|
Issue: You are unable to install Visual Studio 2010 Ultimate via Updater.
Workaround: See the Knowledge Base article for details. |
887965
|
|
|
|
Issue: Uninstallation of applications is not blocked even if the pkg-ctrl-allow-uninstallation feature is disabled.
Workaround: Run the sadmin clg command after each installation of an application to block the removal. This command clears out all cached GUIDs from the system. |
888878 |
|
|
|
Issue: Multiple package control prevention events are seen while uninstalling and repairing Visual Studio 2010.
Workaround: Add "\Microsoft SDKs\Windows\v7.0A\Bin" to trusted path: "sadmin trusted -u "\Microsoft SDKs\Windows\v7.0A\Bin". |
884396
|
|
|
|
Issue: You are unable to install Adobe Flash Player 11 when the pkg-ctrl-bypass feature is enabled.
Workaround: sadmin updaters add InstallAX_11_6_602_180.exe. |
883381
|
|
|
|
Issue: Self Approval pop-ups for a user session are displayed on a console session instead of a user session.
Workaround: Run the following Solidcore commands from the command line:
sc config AeLookupSvc type= own
sadmin updaters add -l aelupsvc.dll svchost.ex
|
915562
|
KB79517 |
|
|
Issue: McAfee Solidifer upgrade from 6.1.1 to 6.1.2 fails in Observe mode.
Workaround: See the Knowledge Base article for details. |
910080
|
|
|
|
Issue: Package Control, if an application has ctor.dll in its uninstall string, another application using ctor.dll, is not installed when pkg-ctrl-allow-uninstall is disabled.
Workaround: As a workaround for mode 1 of package control, the user can make the ctor.dll an Updater using the complete path. Example: C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll. For Package Control modes, see PD24669. |
916640
|
|
|
|
Issue: Deny Execution is not skipped for a drive after removing the skiplist -v flag without a reboot.
Workaround: A reboot is required to make it work. |
910485
|
KB79658 |
|
|
Issue: Package Control removal of an application fails using Add/Remove Programs if an application is installed for a particular user.
Workaround: See the Knowledge Base article for details. |
901147
|
|
|
|
Issue: Installer (Auto-IT), first shown as script type, after copying to some other location, is showing as pe32-exe. |
911678
|
|
|
|
Issue: Package Control is unable to repair Visual Studio 2010 Ultimate if installed in Update mode. |
903914
|
|
|
|
Issue: You see File Write Denied events when you run .exe files, marked as an Updater, by double-clicking them. |
919300
|
|
|
|
Issue: A Trusted Path operation fails if the operation is performed on a local share mounted as a network share locally. |
920568
|
KB79987 |
6.x |
8.0.0.651 |
Issue: The upgrade version is not updated on the ePO server and the McTray About box after an endpoint upgrade.
Workaround: See the Knowledge Base article for details. |
940286
|
|
|
|
Issue: A Pkg-modification-prevented event is raised during a MAC upgrade. |
948349
|
|
|
|
Issue: Multiple deny-write events for a Self Approval pop-up for putty.exe are recorded when execution is done after downloading the file from the internet. |
940085 |
KB73484 |
|
|
Issue: There is a known incompatibility between McAfee Application Control and SafeNet ProtectFile: File Encryption and Protection software. |
953257 |
|
|
|
Issue: Script files can execute from the unsolidified drive on the system. |
1020973 |
|
|
|
Issue: Adobe32 stops working with MPCompat.
Workaround: To resolve this issue, use one of the following workarounds:
- (Recommended) Disable VSE BOP or put adobe32 in the escape list of VSE BOP.
- Disable MP CASP and MP VASR for Adobe32.
- Disable Adobe32 protection mode.
|
1027687
|
KB84043 |
All Versions |
|
Issue: Upgrade to Application Control or Change Control 6.2 fails for endpoints.
Workaround: See the Knowledge Base article for details. |
988624
|
KB84044 |
|
|
Issue: Application Control inventory generation can take longer than 24 hours to resume after reaching the throttling threshold limit.
Workaround: See the Knowledge Base article for details. |
1026279
|
KB84045 |
|
|
Issue: Another rule is needed to run Perl with Application Control.
Workaround: See the Knowledge Base article for details. |
1017933
|
KB84046 |
|
|
Issue: You are unable to apply an Application Control policy with a trusted path that contains an environment variable.
Workaround: See the Knowledge Base article for details. |
1045414 |
|
|
|
Issue: In the system Event Viewer logs, a "Microsoft-Windows-Kernel-General" error message is logged while writing to the registry during start. |
1079808 |
|
|
|
Issue: The Solidifier service fails to start with the app-verifier "low resource" option selected. |
1074569 |
|
|
|
Issue: The Solidifier service fails to start in Disable mode when an inventory sync from scinvlog.bak to scinv occurs and you restart the system. |
1079819 |
|
|
|
Issue: File creation fails for long file name execution. |
1111630 |
|
|
|
Issue: MAC is not receiving reputation updates from the TIE server. |
1088137 |
|
|
|
Issue: The wrong parent process information displays for binary addition activity on the Policy Discovery page. |
1115590 |
|
|
|
Issue: Serial numbers are displayed as encoded on the TIE Reputation page. |
1115107 |
|
|
|
Issue: You get an observation for Scanalyzer.exe even if there is an Advance Exclusion Filter (AEF) rule to suppress observations from that path. |
1112186 |
|
|
|
Issue: MAC 7.0.0 supports the proxy without authentication for the GTI feature on endpoints. If the proxy is set without authentication, you can use commands in the netsh winhttp context to configure proxy and tracing settings for Windows HTTP. You can run the netsh commands for winhttp manually at the netsh prompt or in scripts and batch files. |
1049573 |
KB85156 |
All Versions |
|
Issue: System slows or stops responding while accessing files over the network |
|
KB85696 |
7.0.0 |
Will not Fix |
Issue: Binary is signed by a certificate, but an ‘Allow by Certificate’ rule can't be created |
|
KB86846 |
7.0.0 |
|
Issue: ERROR: fshooks.c : 687: Could not validate filename OR filename is invalid: (DFS replication fails with Application and Change Control installed) |
|
KB86847 |
7.0.0 |
|
Issue: Installation of plan failed. FatalIOException: Unable to create file (vSphere* fails to load when Application Control is installed) |
|
KB87257 |
7.0.0 |
Will Not Fix |
Issue: Installer Detection bypass option is Deprecated for endpoints running version 6.1.1 and later (Package Control in relation to the architecture rules for the attr -i command) |
|
KB87470 |
7.0.0 |
7.0.1 HF4 and 8.0 |
Issue: Microsoft Windows Update can’t be installed when Application and Change Control is configured in Enable, Observe, or Update mode |
|
KB88091 |
6.x and 7.x |
|
Issue: Application Control causes a Windows error event to occur when a new USB disk is connected to a solidified client |
|
KB88092 |
7.0 |
Will Not Fix |
Issue: The default TIE Server configuration could affect sample submission for some endpoint clients |