Loading...

Knowledge Center


Application and Change Control license support
Technical Articles ID:   KB90666
Last Modified:  6/5/2019
Rated:


Environment

McAfee Application and Change Control (MACC) 8.x.x, 7.x.x, 6.2.x (Windows-based operating systems)
McAfee Application and Change Control (MACC) 6.2.0
McAfee ePolicy Orchestrator (ePO) 5.9.x (Extension 8.0.0.194 and later), 5.3.x, 5.1.x

Windows – all versions except Windows NT and Windows 2000

For information about MACC supported environments, see KB87944.

Summary

This article describes the license models for the MACC product (Solidcore) and how to apply them.

MACC license models
  • Managed licenses are for MACC clients managed by ePO and require installation of the Solidcore Extension in ePO. The ePO extension allows for ease of management of MACC client rules and features from a central location (ePO). For more information, see the MACC Product Guide for your product version.
  • Standalone licenses are for systems with limited network access. Typical use is for kiosk systems or ATMs where Internet connections are disabled or not available. Administrators have MACC installed and configured before deployment.
MACC license types
  • Solidcore Extension
    • Change Control (includes Integrity Monitor)
    • Application Control
    • Integrity Control
  • Standalone Solidifier
    • Change Control (includes Integrity Monitor)
    • Application Control
    • Integrity Control
The Application Control license allows administrators to build a whitelist of known applications. Application Control is deployed to allow only authorized applications to run, and prevent unauthorized applications from running in a corporate environment. Unauthorized application events are sent to an ePO server for administrators to review and determine if specific applications need to be authorized.

The Change Control license is for monitoring systems for file changes. Change Control tracks file activities on systems and generates events back to an ePO server for administrative review. Typical uses are for PCI compliance and reporting, or tracking directories of interest.

NOTE: The Change Control license includes the Integrity Monitor features and functions when the license is added to the ePO server and MACC clients.

The Integrity Control license is a combined license that includes both Application Control and Change Control features and functions. This license is mostly deployed to Point-of-Sale (POS) systems. POS systems such as self-service checkouts at stores or gas stations, are exposed to physical hacks. This license model locks down a system with approved applications and reporting on file changes, to meet PCI compliance requirements.

Remove an existing MACC license
To remove an existing license on an MACC client:
  1. On the client, place MACC in DISABLED mode and restart.
  2. After the restart completes, uninstall the MACC client software and restart.
  3. After the restart completes, reinstall the MACC client software.
  4. Activate the appropriate MACC licenses after reinstallation completes.
NOTE: MACC licenses cannot be removed from the system after they are added. You must uninstall and reinstall the product.

Adding a license to a client after you have enabled one license
To add an additional license to a client after a license has been added and MACC has been enabled:
  1. On the client, place MACC in DISABLED mode and restart.
  2. After the client restarts completely, push your ENABLE Client Task with the license you want to add.
NOTE: MACC licenses cannot be removed from the system after they are added. You must uninstall and reinstall the product.

Apply a MACC license
Before you begin, make sure the local Solidifier command-line interface (CLI) is in restricted mode.
  1. Select Menu, Systems, System Tree.
  2. Perform one of these actions:
  • Group - Select a group in the System Tree and switch to the Assigned Client Tasks tab.
  • Endpoint - Select the endpoint on the Systems page, and then click Actions, Agent, Modify Tasks on a Single System.
  1. Click Actions, New Client Task Assignment and open the Client Task Assignment Builder page.
  2. Select Solidcore x.x.x, SC: Change Local CLI Access, and then click Create New Task to open the Client Task Catalog page.
  3. Specify the task name and add any descriptive information.
  4. Select Restrict.
  5. Specify scheduling details.
  6. Review and confirm the task details, and then click Save.
  7. Wake up the agent to send your client task to the endpoint immediately.
Apply a MACC license on an ePO managed system
To apply a MACC license on an ePO managed system:
  1. In the ePO server console, click MenuSoftwareExtension.
  2. Click Install Extension.
  3. Browse to the file location of the downloaded Solidcore Extension.
  4. Click OK and view the Solidcore Extension details.
  5. Click OK and complete the installation.
  6. In the ePO server console, click MenuConfigurationServer Settings.
  7. Select Solidcore.
  8. Click Edit and add the Solidcore Extension licenses.
  9. Click Save. The MACC licenses are now available for use with MACC clients.
Enable Solidifier clients from ePO
To enable Solidifier clients from ePO:
  1. Select Menu, Systems, System Tree.
  2. Perform one of these actions:
  • Group - Select a group in the System Tree and switch to the Assigned Client Tasks tab.
  • Endpoint - Select the endpoint on the Systems page, and then click Actions, Agent, Modify Tasks on a Single System.
  1. Click Actions, New Client Task Assignment and open the Client Task Assignment Builder page.
  2. Select Solidcore x.x.x, SC: Enable, and then click Create New Task to open the Client Task Catalog page.
  3. Specify the task name and add any descriptive information.
  4. Select the platform and subplatform.
  5. Select Change Control, Application Control, or both.

    NOTE: Change Control includes Integrity Monitor functionality.
     
  6. Complete these actions and enable Solidifier.
    Solidifier clients running Steps
    Windows all No configuration is needed.
    Windows NT and Windows 2000 Select Reboot endpoint and restart the endpoint. On the Windows platforms, a message is displayed five minutes before the system is restarted. The five-minute warning allows the user time to save their work on the endpoint.
    UNIX or Linux
    • Using version 6.1.0 or later - Deselect Reboot endpoint
    • Using version 6.0.1 or earlier - Select Reboot endpoint to restart the endpoint
    Restarting the system is needed to enable the software. The endpoint is restarted when the task is applied.
  1. Specify scheduling details.
  2. Review and confirm the task details, and then click Save.
  3. (Optional) Wake up the agent to send your client task to the endpoint immediately.
Standalone Solidifier
  1. Install the MACC Client on the system.
NOTE: You can specify the MACC licenses for supported Windows clients by adding the SERIALNUMBER command-line switch during the installation process. For more information, see page 10 of your MACC Installation guide.
  1. Open an administrator command prompt after installation has completed.
  2. Run the command sadmin license add <standalone_solidifier_license>
  3. Run the command sadmin license list to display the license that was applied. It returns the entered license type.
  4. Run the command sadmin so to create a local whitelist (inventory). This step must be completed before MACC can be enabled.
  5. Run the command sadmin enable.
  6. Reboot the system.

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.