Command Line Interface Guide. McAfee Application Control 6.2.0

Command Line Interface Guide McAfee Application Control 6.2.0 COPYRIGHT Copyright © 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara,...
Author: Lynne Harrison
19 downloads 0 Views 250KB Size
Command Line Interface Guide

McAfee Application Control 6.2.0

COPYRIGHT Copyright © 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

2

McAfee Application Control 6.2.0

Command Line Interface Guide

Contents

1

Application Control Command Line Interface reference

2

Argument details

McAfee Application Control 6.2.0

5 19

Command Line Interface Guide

3

Contents

4

McAfee Application Control 6.2.0

Command Line Interface Guide

1

Application Control Command Line Interface reference

This section details all commands that are available for Application Control when using the command line interface (CLI). In the OS column, these abbreviations indicate the supported operating systems. •

L — Linux



W — Windows

In the Mode column, these abbreviations indicate the supported mode for the command. •

D — Disabled mode



E — Enabled mode



U — Update mode

Table 1-1

Command details

Command Description attr

Modifies or lists the Application Control configuration attributes list.

Syntax

OS

Mode

sadmin attr add -a filename1 ... filenameN

L

E, D, U

sadmin attr add -p filename1 ... filenameN sadmin attr add -u filename1 ... filenameN sadmin attr add -o parent= filename2 -p filename1 sadmin attr remove -a filename1 ... filenameN sadmin attr remove -p filename1 ... filenameN sadmin attr remove -u filename1 ... filenameN sadmin attr list -a filename1 ... filenameN sadmin attr list -p filename1 ... filenameN sadmin attr list -u filename1 ... filenameN sadmin attr flush -a

McAfee Application Control 6.2.0

Command Line Interface Guide

5

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

Mode

sadmin attr flush -p sadmin attr flush -u sadmin attr add -a filename1 ... filenameN

W (32-bit) E, D, U

sadmin attr add -b filename1 ... filenameN sadmin attr add -c filename1 ... filenameN sadmin attr add -d filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr add -e filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr add -f filename1 ... filenameN sadmin attr add -h filename1 ... filenameN sadmin attr add -o parent= filename2 -i filename1 sadmin attr add -j filename1 ... filenameN sadmin attr add -l filename1 ... filenameN sadmin attr add -p filename1 ... filenameN sadmin attr add -r filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr add -u filename1 ... filenameN sadmin attr add -v filename1 ... filenameN (Windows Vista and later) sadmin attr add -o parent= filename2 -p filename1 sadmin attr add -o module= modulename -v filename1 (Windows Vista and later) sadmin attr remove -a filename1 ... filenameN sadmin attr remove -b filename1 ... filenameN sadmin attr remove -c filename1 ... filenameN

6

McAfee Application Control 6.2.0

Command Line Interface Guide

Application Control Command Line Interface reference

Table 1-1

1

Command details (continued)

Command Description

Syntax

OS

Mode

sadmin attr remove -d filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr remove -e filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr remove -f filename1 ... filenameN sadmin attr remove -h filename1 ... filenameN sadmin attr remove -i filename1 ... filenameN sadmin attr remove -j filename1 ... filenameN sadmin attr remove -l filename1 ... filenameN sadmin attr remove -p filename1 ... filenameN sadmin attr remove -r filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr remove -u filename1 ... filenameN sadmin attr remove -v filename1 ... filenameN (Windows Vista and later) sadmin attr list -a filename1 ... filenameN sadmin attr list -b filename1 ... filenameN sadmin attr list -c filename1 ... filenameN sadmin attr list -d filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr list -e filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr list -f filename1 ... filenameN sadmin attr list -h filename1 ... filenameN sadmin attr list -i filename1 ... filenameN

McAfee Application Control 6.2.0

Command Line Interface Guide

7

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

Mode

sadmin attr list -j filename1 ... filenameN sadmin attr list -l filename1 ... filenameN sadmin attr list -p filename1 ... filenameN sadmin attr list -r filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr list -u filename1 ... filenameN sadmin attr list -v filename1 ... filenameN (Windows Vista and later) sadmin attr flush -a sadmin attr flush -b sadmin attr flush -c sadmin attr flush -d (Windows XP and Windows Server 2003 only) sadmin attr flush -e (Windows XP and Windows Server 2003 only) sadmin attr flush -f sadmin attr flush -h sadmin attr flush -i sadmin attr flush -j sadmin attr flush -l sadmin attr flush -p sadmin attr flush -r (Windows XP and Windows Server 2003 only) sadmin attr flush -u sadmin attr flush -v (Windows Vista and later) sadmin attr add -a filename1 ... filenameN

W (64-bit) E, D, U

sadmin attr add -e filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr add -h filename1 ... filenameN

8

McAfee Application Control 6.2.0

Command Line Interface Guide

Application Control Command Line Interface reference

Table 1-1

1

Command details (continued)

Command Description

Syntax

OS

Mode

sadmin attr add -o parent= filename2 -i filename1 sadmin attr add -j filename1 ... filenameN sadmin attr add -n filename1 ... filenameN sadmin attr add -n -y filename1 (Not available on Windows Server 2012) sadmin attr add -p filename1 ... filenameN sadmin attr add -r filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr add -u filename1 ... filenameN sadmin attr add -v filename1 ... filenameN (Windows Vista and later) sadmin attr add -o parent= filename2 -p filename1 sadmin attr add -o module= modulename -v filename1 (Windows Vista and later) sadmin attr remove -a filename1 ... filenameN sadmin attr remove -e filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr remove -h filename1 ... filenameN sadmin attr remove -i filename1 ... filenameN sadmin attr remove -j filename1 ... filenameN sadmin attr remove -n filename1 ... filenameN sadmin attr remove -p filename1 ... filenameN sadmin attr remove -r filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr remove -u filename1 ... filenameN

McAfee Application Control 6.2.0

Command Line Interface Guide

9

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

Mode

sadmin attr remove -v filename1 ... filenameN (Windows Vista and later) sadmin attr list -a filename1 ... filenameN sadmin attr list -e filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr list -h filename1 ... filenameN sadmin attr list -i filename1 ... filenameN sadmin attr list -j filename1 ... filenameN sadmin attr list -n filename1 ... filenameN sadmin attr list -p filename1 ... filenameN sadmin attr list -r filename1 ... filenameN (Windows XP and Windows Server 2003 only) sadmin attr list -u filename1 ... filenameN sadmin attr list -v filename1 ... filenameN (Windows Vista and later) sadmin attr flush -a sadmin attr flush -e (Windows XP and Windows Server 2003 only) sadmin attr flush -h sadmin attr flush -i sadmin attr flush -j sadmin attr flush -n sadmin attr flush -p sadmin attr flush -r (Windows XP and Windows Server 2003 only) sadmin attr flush -u sadmin attr flush -v (On Windows Vista and later) For more information about this command, see Configure memory-protection techniques and Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode.

10

McAfee Application Control 6.2.0

Command Line Interface Guide

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description auth

Authorizes an application (executable, installer, or batch file) as a whitelist, or unauthorizes an application by adding to the blacklist. The application might be locally installed, invoked, or installed or invoked from a shared drive.

Syntax

OS

Mode

sadmin auth -a -c checksum

W

E, D, U

sadmin auth -a [ -t rule id ] -c checksum sadmin auth -a [ -t rule id ] [ -u ] -c checksum sadmin auth -b -c checksum sadmin auth -b [ -t rule id] -c checksum sadmin auth -r checksum sadmin auth -l sadmin auth -f

For more information about this command, see Override Application Control protection in McAfee Application Control 6.2.0 Product Guide for standalone mode. begin-upd Initiates the Update mode ate (bu) to help perform software updates and installations.

sadmin begin-update [ workflow-id L, W [ comment ]]

E, D

sadmin bu [ workflow-id [ comment ]]

For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. cert

Manages certificates for digitally signed files. You can add, remove, or list the certificates in the Application Control certificate store, which is a directory within the install directory / Certificates.

sadmin cert add certificate_name

W

E, D, U

sadmin cert add -u certificate_name sadmin cert add -c certificate_content sadmin cert remove SHA1 sadmin cert remove -c certificate_content sadmin cert list sadmin cert list -d sadmin cert list -u sadmin cert list [ -d | -u ] sadmin cert flush

For more information about this command, see Override Application Control protection in McAfee Application Control 6.2.0 Product Guide for standalone mode. check

Validates and fixes the attributes of the specified file or files against the file inventory.

McAfee Application Control 6.2.0

L, W

sadmin check [ -r ]

E, D, U

sadmin check [ -r ] filename1 ... filenameN

Command Line Interface Guide

11

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

Mode

sadmin check [ -r ] directoryname1 ... directorynameN sadmin check [ -r ] volumename1 ... volumenameN For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. config

Allows you to:

sadmin config export filename

L, W

E, D, U

• Export current sadmin config import [ -a ] configuration settings to a filename file. • Import configuration settings from a file to an existing installation.

sadmin config set name=value sadmin config show

For more information about this command, see Configure advanced features in McAfee Application Control 6.2.0 Product Guide for standalone mode. diag

Runs diagnostics and offers suggestions on programs and applications to authorize (to perform updates).

sadmin diag

W

E, U

sadmin diag fix [ -f ]

For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. disable

Activates the Disabled sadmin disable mode. Restart the system to make sure that the command is applied. On the Linux platform, if Application Control is in the Enabled mode, system restart is not required to apply this command. However, to uninstall the product, system restart is required.

L, W

E, U

For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. enable

Activates the Enabled mode. sadmin enable Restart the system to make sure that the command is applied. Alternatively, restart the Application Control service to apply this command. However, the memory-protection feature will be available only after system restart.

L, W

D

For more information about this command, see How do I deploy Application Control in McAfee Application Control 6.2.0 Product Guide for standalone mode.

12

McAfee Application Control 6.2.0

Command Line Interface Guide

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

end-updat Ends the Update mode and sadmin end-update e (eu) activates the Enabled mode. sadmin eu

OS

Mode

L, W

U

For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. event

Configures the log targets (sinks) for generated events.

L, W

sadmin event sink

E, D, U

sadmin event sink eventname sadmin event sink -a { eventname | ALL } { sinkname | ALL } sadmin event sink -r { eventname | ALL } { sinkname | ALL }

For more information about this command, see Configure advanced features in McAfee Application Control 6.2.0 Product Guide for standalone mode. features

Enables, disables, or lists the features on an existing installation.

L, W

sadmin features [-d]

E, D, U

sadmin features enable featurename sadmin features disable featurename sadmin features list

For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. help

Provides information about basic commands.

L, W

sadmin help

E, D, U

sadmin help [ command ] For more information about this command, see Getting started in McAfee Application Control 6.2.0 Product Guide for standalone mode. help-adva Provides information about nced advance commands.

L, W

sadmin help-advanced

E, D, U

sadmin help-advanced [ command ] For more information about this command, see Getting started in McAfee Application Control 6.2.0 Product Guide for standalone mode. license

Adds or displays licensing information.

sadmin license add licensekey

L, W

D

sadmin license list For more information about this command, see How do I deploy Application Control in McAfee Application Control 6.2.0 Product Guide for standalone mode. list-soli Lists the whitelisted files, dified directories, and volumes. (ls)

sadmin list-solidified [ -l ]

L, W

E, D, U

sadmin ls [ -l ] sadmin list-solidified [ -l ] filename1 ... filenameN sadmin ls [ -l ] filename1 ... filenameN

McAfee Application Control 6.2.0

Command Line Interface Guide

13

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

Mode

sadmin list-solidified [ -l ] directoryname1 ... directorynameN sadmin ls [ -l ] directoryname1 ... directorynameN sadmin list-solidified [ -l ] volumename1 ... volumenameN sadmin ls [ -l ] volumename1 ... volumenameN For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. list-unso Lists the files, directories, lidified and volumes that are not (lu) whitelisted.

sadmin list-unsolidified

L, W

E, D, U

sadmin lu sadmin list-unsolidified filename1 ... filenameN sadmin lu filename1 ... filenameN sadmin list-unsolidified directoryname1 ... directorynameN sadmin lu directoryname1 ... directorynameN sadmin list-unsolidified volumename1 ... volumenameN sadmin lu volumename1 ... volumenameN

For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. lockdown

Disables the local command sadmin lockdown line interface. After lockdown, you can only issue the help, help‑advanced, status, version, and recover commands.

L, W

E, D, U

passwd

Sets a password for the command line interface.

L, W

E, D, U

If the password is set, you must verify the password before executing critical commands.

sadmin passwd sadmin passwd -d

Using sadmin passwd -d command removes the password. For more information about this command, see Configure advanced features in McAfee Application Control 6.2.0 Product Guide for standalone mode.

14

McAfee Application Control 6.2.0

Command Line Interface Guide

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

Mode

read-prot Displays or modifies the ect (rp) read-protection rules. You must specify complete file or directory names with this command. For more information about rp command, see Protect the file system components chapter in the McAfee Application Control Product Guide for standalone 6.2.0.

sadmin read-protect -i pathname1 ... pathnameN

L, W

E, D, U

sadmin read-protect -e pathname1 ... pathnameN sadmin read-protect -r pathname1 ... pathnameN sadmin read-protect -l sadmin read-protect -f

For more information about this command, see Protect the file system components in McAfee Application Control 6.2.0 Product Guide for standalone mode. recover

Recovers the local command line interface.

sadmin recover

L, W

E, D, U

L, W

E, D, U

sadmin recover -f solidify (so)

Adds specified files in a directory or system volume to the whitelist.

sadmin solidify [ -q | -v ] sadmin solidify [ -q | -v ] filename1 ... filenameN sadmin solidify [ -q | -v ] directoryname1 ... directorynameN sadmin solidify [ -q | -v ] volumename1 ... volumenameN

For more information about this command, see How do I deploy Application Control in McAfee Application Control 6.2.0 Product Guide for standalone mode. status

Displays the status of sadmin status Application Control. You can view the operational mode, sadmin status volumename operational mode on system restart, connectivity with McAfee ePolicy Orchestrator (McAfee ePO ) , access status, and whitelist status of the local CLI.

L, W

E, D, U

®

®



For more information about this command, see How do I deploy Application Control in McAfee Application Control 6.2.0 Product Guide for standalone mode. trusted

Identifies a local or remote share as a trusted volume or directory. You can include, exclude, remove, list, or flush the trusted volumes or directories.

sadmin trusted -i pathname1 ... pathnameN

L

E, D, U

sadmin trusted -e pathname1 ... pathnameN sadmin trusted -r pathname1 ... pathnameN sadmin trusted -l sadmin trusted -f

McAfee Application Control 6.2.0

Command Line Interface Guide

15

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

W sadmin trusted -i volumesetname1 ... volumesetnameN

Mode E, D, U

sadmin trusted -i pathname1 ... pathnameN sadmin trusted -e volumesetname1 ... volumesetnameN sadmin trusted -e pathname1 ... pathnameN sadmin trusted -r volumesetname1 ... volumesetnameN sadmin trusted -r pathname1 ... pathnameN sadmin trusted -l sadmin trusted -f sadmin trusted -u For more information about this command, see Override Application Control protection in McAfee Application Control 6.2.0 Product Guide for standalone mode. unsolidif Removes specified y (unso) whitelisted files from the whitelist.

sadmin unsolidify [ -v ]

L, W

E, D, U

sadmin unsolidify [ -v ] filename1 ... filenameN sadmin unsolidify [ -v ] directoryname1 ... directorynameN sadmin unsolidify [ -v ] volumename1 ... volumenameN

For more information about this command, see Maintain your systems in McAfee Application Control 6.2.0 Product Guide for standalone mode. updaters

Adds, deletes, lists, or flushes programs from the list of authorized updaters.

sadmin updaters add [ -d ] { binaryname }

L

sadmin updaters add [ -n ] { binaryname } sadmin updaters add [ -p parent-programname ] { binaryname } sadmin updaters add [ -t rule-id ] { binaryname } sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-programname ] { binaryname } sadmin updaters remove { binaryname }

16

McAfee Application Control 6.2.0

Command Line Interface Guide

E, D, U

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

Mode

W

E, D, U

sadmin updaters remove [ -p parent-programname ] { binaryname } sadmin updaters list sadmin updaters flush sadmin updaters add [ -d ] { binaryname } sadmin updaters add [ -l libraryname ] { binaryname } sadmin updaters add [ -n ] { binaryname } sadmin updaters add [ -p parent-binaryname ] { binaryname } sadmin updaters add [ -t rule-id ] { binaryname } sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -l libraryname ] { binaryname } sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-binaryname ] { binaryname } sadmin updaters add [ -t rule-id ] -u username sadmin updaters remove { binaryname } sadmin updaters remove [ -l libraryname ] { binaryname } sadmin updaters remove [ -p parent-binaryname ] { binaryname } sadmin updaters remove -u username sadmin updaters list sadmin updaters flush For more information about this command, see Override Application Control protection in McAfee Application Control 6.2.0 Product Guide for standalone mode. version

Displays the version of the installed Application Control

sadmin version

L, W

E, D, U

For more information about this command, see How do I deploy Application Control in McAfee Application Control 6.2.0 Product Guide for standalone mode.

McAfee Application Control 6.2.0

Command Line Interface Guide

17

1

Application Control Command Line Interface reference

Table 1-1

Command details (continued)

Command Description

Syntax

OS

Mode

write-pro Write-protects specified files tect (wp) including the whitelisted files. You must specify complete file or directory names with this command.

sadmin write-protect -i pathname1 ... pathnameN

L, W

E, D, U

sadmin write-protect -e pathname1 ... pathnameN sadmin write-protect -r pathname1 ... pathnameN sadmin write-protect -l sadmin write-protect -f

For more information about this command, see Protect the file system components in McAfee Application Control 6.2.0 Product Guide for standalone mode. write-pro Write-protects specified tect-reg registry keys including the (wpr) whitelisted registry keys.

sadmin write-protect-reg -i registrykeyname1 ... registrykeynameN

W

E, D, U

sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN sadmin write-protect-reg -l sadmin write-protect-r eg -f For more information about this command, see Protect the file system components in McAfee Application Control 6.2.0 Product Guide for standalone mode.

18

McAfee Application Control 6.2.0

Command Line Interface Guide

2

Argument details

This table lists the commands with the supported arguments and their description. In the Argument column, the supported arguments for the commands are listed in alphabetical order. You can use -z argument to prevent the system from prompting for the password. This argument can be used in all CLI commands to provide the CLI password (so that the system does not prompt for password). For example, if the CLI password is set and you issue the sadmin wp -i abc.txt command, the system immediately prompts you for the password. Using the -z argument, you can issue the sadmin wp -z -i abc.txt command to provide the password with the issued command.

Table 2-1

Argument details

Command

Argument

Description

attr

-a

Always authorizes by file name. This is a deprecated technique. For more information, contact McAfee Support.

-b

Configures the bypass, restore, list, and flush rules for a component protected using the Mangling technique. This is a deprecated technique. For more information, contact McAfee Support.

-c

Configures the bypass, restore, list, and flush rules for a component protected using the Critical Address Space Protection technique.

-d

Configures the bypass, restore, list, and flush rules for a component protected using the mp-vasr-randomization technique.

-e

Configures the add, remove, list, and flush rules for a component protected using the mp-vasr-rebasing technique.

-f

Bypasses from full crawl attribute. This is a deprecated technique. For more information, contact McAfee Support.

-h

Adds a binary to MP Compat protection.

-i

Configures the bypass, restore, list, and flush rules for a binary using the Package Control feature.

-j

Bypasses a binary from MP Compat protection.

-l

Configures the bypass, restore, list, and flush rules for a component using the Anti-Debugging technique. This is a deprecated technique. For more information, contact McAfee Support.

-n

Configures the bypass, restore, list, and flush rules for a component using the mp-nx technique.

-y

Includes child processes for a component to be bypassed using the mp-nx technique. This argument can only be specified with the -n argument.

McAfee Application Control 6.2.0

Command Line Interface Guide

19

2

Argument details

Table 2-1

Argument details (continued)

Command

auth

begin-update (bu)

Argument

Description

-o

Indicates to specify the DLL module name for a specified process. This argument can be used with -p, -v, and -i arguments. On the Linux platform, use this argument to specify the parent program for the -p attribute.

-p

Bypasses from process context file operations attribute.

-r

Configures the bypass, restore, list, and flush tasks for a component using the mp-vasr-relocation technique.

-u

Always unauthorizes by file name. This is a deprecated technique. For more information, contact McAfee Support.

-v

Bypasses from Forced DLL relocation attribute.

-a

Authorizes a binary using the checksum value.

-b

Bans a binary using the checksum value.

-c

Specifies the checksum value.

-f

Flushes all authorized or banned binaries.

-l

Lists all authorized and banned binaries.

-r

Removes the authorized or banned binaries.

-t

Includes the associated tag name for a binary to be banned.

-u

Authorizes a binary and also provides updater privileges when used with the -a and -c arguments.

workflow-id Indicates to specify an ID while switching to the Update mode. This ID can be used for tracking purposes in a change management for ticketing system. comment

Indicates to use a descriptive text for the workflow ID.

-c

Specifies the certificate content as trusted.

-d

Lists all details of the issuer and subject of the certificates added to the system.

-u

Provides updater privileges to a certificate that is added as a trusted certificate or list the trusted certificates with updater privileges.

check

-r

Fixes any inconsistencies that are encountered.

config

-a

Appends the configuration values.

diag

-f

Applies the diagnosed configuration changes for the restricted programs, such as winlogon.exe and svchost .exe.

disable

NA

NA

enable

NA

NA

end-update (eu)

NA

NA

event

-a

Adds sinks to the specified event.

-r

Removes sinks from the specified event.

-d

Lists all features (including the hidden features).

cert

features

For more information, contact McAfee Support. help

20

McAfee Application Control 6.2.0

NA

NA

Command Line Interface Guide

2

Argument details

Table 2-1

Argument details (continued)

Command

Argument

Description

help-advanced

NA

NA

license

NA

NA

list-solidified (ls)

-l

Lists details of the whitelisted files.

list-unsolidified (lu) NA

NA

lockdown

NA

NA

passwd

-d

Removes the password for using Application Control.

read-protect (rp)

-e

Excludes specific components from a read-protected directory, or volume.

-f

Flushes all components from read protection.

-i

Includes files, directories, or volumes for read protection.

-l

Lists the read-protected components.

-r

Removes read‑protection applied to files, directories, or volumes.

recover

-f

Forcefully aborts the McAfee ePO command and recover the local CLI.

solidify (so)

-q

Suppresses all output except for errors.

-v

Displays all the processed components.

status

NA

NA

trusted

-e

Excludes one or more specified paths to the directories or volumes from a list of trusted directories or volumes.

-f

Removes all directories and volumes from the trusted rule.

-i

Adds one or more specified paths to the directories or volumes as trusted directories or volumes.

-l

Lists all trusted directories and volumes.

-r

Removes the specified directories or volumes from the trusted rule.

-u

Provides updater privileges to all binaries and scripts in the trusted directories or volumes.

unsolidify (unso)

-v

Displays all the processed components.

updaters

-d

Excludes the child processes of a binary file to be added as an updater from inheriting the updater privileges.

-l

Includes the library name for an execution file to be added as an updater (for Windows).

-n

Disables event logging for a file to be added as an updater.

-p

Adds a file as an updater only when it is started by specified parent process.

-t

Performs these operations: • Includes the tags for a file to be added as an updater. • Adds a user with a tag name as an updater.

version

McAfee Application Control 6.2.0

-u

Adds a user as an updater (for Windows).

NA

NA

Command Line Interface Guide

21

2

Argument details

Table 2-1

Argument details (continued)

Command

Argument

Description

write-protect (wp)

-e

Excludes specific components from a write-protected directory or volume.

-f

Flushes all components from write protection.

-i

Write-protects files, directories, or volumes.

-l

Lists the write-protected components.

-r

Removes write protection applied to files, directories, or volumes.

-e

Excludes one or more registry keys from write protection.

-f

Flushes all registry keys from write protection. Flushing the registry keys from write protection removes all write‑protection rules applied to the registry keys.

-i

Write‑protects registry keys.

-l

Lists all write-protected registry keys.

-r

Removes write protection from one or more registry keys.

write-protect-reg (wpr)

22

McAfee Application Control 6.2.0

Command Line Interface Guide

00