
Feb 07, 2018


Command Line Interface Guide

McAfee Application Control 6.1.0

For use in standalone mode


COPYRIGHT

Copyright © 2012 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS

McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


Contents

1 Application Control Command Line Interface Reference

2 Argument Details


1 Application Control Command Line Interface Reference

This section details all commands that are available for Application Control when using the command line interface (CLI).

In the operating system (OS) column, L indicates Linux is supported and W indicates Windows is supported. In the Mode column, E indicates that the command is supported in Enabled mode, D indicates that the command is supported in Disabled mode, and U indicates that the command is supported in Update mode.

Table 1-1 Command Details

Command Description Syntax OS Mode

attr Modifies or lists the Application Control configuration attributes list.

OS: L; Mode: E, D, U

sadmin attr add -a filename1 ... filenameN

sadmin attr add -p filename1 ... filenameN

sadmin attr add -u filename1 ... filenameN

sadmin attr add -o parent=filename2 -p filename1

sadmin attr remove -a filename1 ... filenameN

sadmin attr remove -p filename1 ... filenameN

sadmin attr remove -u filename1 ... filenameN

sadmin attr list -a filename1 ... filenameN

sadmin attr list -p filename1 ... filenameN

sadmin attr list -u filename1 ... filenameN

sadmin attr flush -a

sadmin attr flush -p

sadmin attr flush -u

OS: W (32-bit); Mode: E, D, U

sadmin attr add -a filename1 ... filenameN


sadmin attr add -b filename1 ... filenameN

sadmin attr add -c filename1 ... filenameN

sadmin attr add -d filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr add -e filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr add -f filename1 ... filenameN

sadmin attr add -i filename1 ... filenameN

sadmin attr add -l filename1 ... filenameN

sadmin attr add -p filename1 ... filenameN

sadmin attr add -r filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr add -u filename1 ... filenameN

sadmin attr add -v filename1 ... filenameN (On Windows Vista and later)

sadmin attr add -o parent=filename2 -p filename1

sadmin attr add -o parent=filename2 -v filename1 (On Windows Vista and later)

sadmin attr remove -a filename1 ... filenameN

sadmin attr remove -b filename1 ... filenameN

sadmin attr remove -c filename1 ... filenameN

sadmin attr remove -d filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr remove -e filename1 ... filenameN (On Windows XP and Windows Server 2003 only)


sadmin attr remove -f filename1 ... filenameN

sadmin attr remove -i filename1 ... filenameN

sadmin attr remove -l filename1 ... filenameN

sadmin attr remove -p filename1 ... filenameN

sadmin attr remove -r filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr remove -u filename1 ... filenameN

sadmin attr remove -v filename1 ... filenameN (On Windows Vista and later)

sadmin attr list -a filename1 ... filenameN

sadmin attr list -b filename1 ... filenameN

sadmin attr list -c filename1 ... filenameN

sadmin attr list -d filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr list -e filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr list -f filename1 ... filenameN

sadmin attr list -i filename1 ... filenameN

sadmin attr list -l filename1 ... filenameN

sadmin attr list -p filename1 ... filenameN

sadmin attr list -r filename1 ... filenameN (On Windows XP and Windows Server 2003 only)


sadmin attr list -u filename1 ... filenameN

sadmin attr list -v filename1 ... filenameN (On Windows Vista and later)

sadmin attr flush -a

sadmin attr flush -b

sadmin attr flush -c

sadmin attr flush -d (On Windows XP and Windows Server 2003 only)

sadmin attr flush -e (On Windows XP and Windows Server 2003 only)

sadmin attr flush -f

sadmin attr flush -i

sadmin attr flush -l

sadmin attr flush -p

sadmin attr flush -r (On Windows XP and Windows Server 2003 only)

sadmin attr flush -u

sadmin attr flush -v (On Windows Vista and later)

OS: W (64-bit); Mode: E, D, U

sadmin attr add -a filename1 ... filenameN

sadmin attr add -e filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr add -i filename1 ... filenameN

sadmin attr add -n filename1 ... filenameN

sadmin attr add -p filename1 ... filenameN

sadmin attr add -r filename1 ... filenameN (On Windows XP and Windows Server 2003 only)


sadmin attr add -u filename1 ... filenameN

sadmin attr add -v filename1 ... filenameN (On Windows Vista and later)

sadmin attr add -o parent=filename2 -p filename1

sadmin attr add -o parent=filename2 -v filename1 (On Windows Vista and later)

sadmin attr remove -a filename1 ... filenameN

sadmin attr remove -e filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr remove -i filename1 ... filenameN

sadmin attr remove -n filename1 ... filenameN

sadmin attr remove -p filename1 ... filenameN

sadmin attr remove -r filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr remove -u filename1 ... filenameN

sadmin attr remove -v filename1 ... filenameN (On Windows Vista and later)

sadmin attr list -a filename1 ... filenameN

sadmin attr list -e filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr list -i filename1 ... filenameN

sadmin attr list -n filename1 ... filenameN

sadmin attr list -p filename1 ... filenameN


sadmin attr list -r filename1 ... filenameN (On Windows XP and Windows Server 2003 only)

sadmin attr list -u filename1 ... filenameN

sadmin attr list -v filename1 ... filenameN (On Windows Vista and later)

sadmin attr flush -a

sadmin attr flush -e (On Windows XP and Windows Server 2003 only)

sadmin attr flush -i

sadmin attr flush -n

sadmin attr flush -p

sadmin attr flush -r (On Windows XP and Windows Server 2003 only)

sadmin attr flush -u

sadmin attr flush -v (On Windows Vista and later)

For more information on this command, refer to the Configure memory-protection techniques and Maintain your systems sections in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

auth Authorizes an application (executable, installer, or batch file) as a whitelist or unauthorizes an application by adding to the blacklist. The application may be locally installed, invoked, or installed or invoked from a shared drive.

OS: W; Mode: E, D, U

sadmin auth -a -c checksum

sadmin auth -a [ -t ruleid ] -c checksum

sadmin auth -a [ -t ruleid ] [ -u ] -c checksum

sadmin auth -b -c checksum

sadmin auth -b [ -t ruleid ] -c checksum

sadmin auth -r checksum

sadmin auth -l

sadmin auth -f

For more information on this command, refer to the Override Application Control protection section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.


begin-update (bu)

Initiates the Update mode to help perform software updates and installations.

OS: L, W; Mode: E, D

sadmin begin-update [ workflow-id [ comment ]]

sadmin bu [ workflow-id [ comment ]]

For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

cert Manages certificates for digitally-signed files. You can add, remove, or list the certificates in the Application Control certificate store, which is a directory within the install directory <install_dir>/Certificates.

OS: W; Mode: E, D, U

sadmin cert add certificatename

sadmin cert add -u certificatename

sadmin cert add -c certificate content

sadmin cert remove SHA1

sadmin cert remove -c certificatecontent

sadmin cert list

sadmin cert list -d

sadmin cert list -u

sadmin cert list [ -d | -u ]

sadmin cert flush

For more information on this command, refer to the Override Application Control protection section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

check Validates and fixes the attributes of the specified file or files against the file inventory.

OS: L, W; Mode: E, D, U

sadmin check [ -r ]

sadmin check [ -r ] filename1 ... filenameN

sadmin check [ -r ] directoryname1 ... directorynameN

sadmin check [ -r ] volumename1 ... volumenameN

For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

config Allows you to:

• Export current configuration settings to a file

• Import configuration settings from a file to an existing installation

OS: L, W; Mode: E, D, U

sadmin config export filename

sadmin config import [ -a ] filename

sadmin config set name=value


sadmin config show

For more information on this command, refer to the Configure advanced features section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

diag Runs diagnostics and offers suggestions on programs and applications to authorize (to perform updates).

OS: W; Mode: E, U

sadmin diag

sadmin diag fix [ -f ]

For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

disable Activates the Disabled mode. Restart the system to ensure the command is applied. On the Linux platform, if Application Control is in the Enabled mode, system restart is not required to apply this command. However, to uninstall the product, system restart is required.

OS: L, W; Mode: E, U

sadmin disable

For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

enable Activates the Enabled mode. Restart the system to ensure the command is applied. Alternatively, restart the Application Control service to apply this command. However, the memory-protection feature will be available only after system restart.

OS: L, W; Mode: D

sadmin enable

For more information on this command, refer to the How do I deploy Application Control section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

end-update (eu)

Ends the Update mode and activates the Enabled mode.

OS: L, W; Mode: U

sadmin end-update

sadmin eu

For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

event Configures the log targets (sinks) for generated events.

OS: L, W; Mode: E, D, U

sadmin event sink

sadmin event sink eventname

sadmin event sink -a { eventname | ALL } { sinkname | ALL }

sadmin event sink -r { eventname | ALL } { sinkname | ALL }

For more information on this command, refer to the Configure advanced features section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.


features Enables, disables, or lists the features on an existing installation.

OS: L, W; Mode: E, D, U

sadmin features [-d]

sadmin features enable featurename

sadmin features disable featurename

sadmin features list

For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

help Provides information on basic commands.

OS: L, W; Mode: E, D, U

sadmin help

sadmin help [ command ]

For more information on this command, refer to the Getting started section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

help-advanced

Provides information on advanced commands.

OS: L, W; Mode: E, D, U

sadmin help-advanced

sadmin help-advanced [ command ]

For more information on this command, refer to the Getting started section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

license Adds or displays licensing information.

OS: L, W; Mode: D

sadmin license add licensekey

sadmin license list

For more information on this command, refer to the How do I deploy Application Control section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

list-solidified (ls)

Lists the whitelisted files, directories, and volumes.

OS: L, W; Mode: E, D, U

sadmin list-solidified [ -l ]

sadmin ls [ -l ]

sadmin list-solidified [ -l ] filename1 ... filenameN

sadmin ls [ -l ] filename1 ... filenameN

sadmin list-solidified [ -l ] directoryname1 ... directorynameN

sadmin ls [ -l ] directoryname1 ... directorynameN

sadmin list-solidified [ -l ] volumename1 ... volumenameN

sadmin ls [ -l ] volumename1 ... volumenameN


For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

list-unsolidified (lu)

Lists the files, directories, and volumes that are not whitelisted.

OS: L, W; Mode: E, D, U

sadmin list-unsolidified

sadmin lu

sadmin list-unsolidified filename1 ... filenameN

sadmin lu filename1 ... filenameN

sadmin list-unsolidified directoryname1 ... directorynameN

sadmin lu directoryname1 ... directorynameN

sadmin list-unsolidified volumename1 ... volumenameN

sadmin lu volumename1 ... volumenameN

For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

lockdown Disables the local command line interface. After lockdown, you can only issue the help, help-advanced, status, version, and recover commands.

OS: L, W; Mode: E, D, U

sadmin lockdown

passwd Sets a password for the command line interface.

If the password is set, you must verify the password prior to executing critical commands.

Using sadmin passwd -d command removes the password.

OS: L, W; Mode: E, D, U

sadmin passwd

sadmin passwd -d

For more information on this command, refer to the Configure advanced features section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

read-protect (rp)

Displays or modifies the read-protection rules. You must specify complete file or directory names with this command. For more information on rp command, refer to the Protect the file system components chapter in the McAfee Application Control Product Guide for standalone 6.1.0.

OS: L, W; Mode: E, D, U

sadmin read-protect -i pathname1 ... pathnameN

sadmin read-protect -e pathname1 ... pathnameN

sadmin read-protect -r pathname1 ... pathnameN

sadmin read-protect -l


sadmin read-protect -f

For more information on this command, refer to the Protect the file system components section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

recover Recovers the local command line interface.

OS: L, W; Mode: E, D, U

sadmin recover

sadmin recover -f

solidify (so)

Adds specified files in a directory or system volume to the whitelist.

OS: L, W; Mode: E, D, U

sadmin solidify [ -q | -v ]

sadmin solidify [ -q | -v ] filename1 ... filenameN

sadmin solidify [ -q | -v ] directoryname1 ... directorynameN

sadmin solidify [ -q | -v ] volumename1 ... volumenameN

For more information on this command, refer to the How do I deploy Application Control section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

status Displays the current status of Application Control. You can view the operational mode, operational mode on system restart, connectivity with McAfee ePO, access status, and whitelist status of the local CLI.

OS: L, W; Mode: E, D, U

sadmin status

sadmin status volumename

For more information on this command, refer to the How do I deploy Application Control section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

trusted Identifies a local or remote share as a trusted volume or directory. You can include, exclude, remove, list, or flush the trusted volumes or directories.

OS: L; Mode: E, D, U

sadmin trusted -i pathname1 ... pathnameN

sadmin trusted -e pathname1 ... pathnameN

sadmin trusted -r pathname1 ... pathnameN

sadmin trusted -l

sadmin trusted -f

OS: W; Mode: E, D, U

sadmin trusted -i volumesetname1 ... volumesetnameN

sadmin trusted -i pathname1 ... pathnameN

sadmin trusted -e volumesetname1 ... volumesetnameN


sadmin trusted -e pathname1 ... pathnameN

sadmin trusted -r volumesetname1 ... volumesetnameN

sadmin trusted -r pathname1 ... pathnameN

sadmin trusted -l

sadmin trusted -f

sadmin trusted -u <networkpath>

For more information on this command, refer to the Override Application Control protection section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

unsolidify (unso)

Removes specified whitelisted files from the whitelist.

OS: L, W; Mode: E, D, U

sadmin unsolidify [ -v ]

sadmin unsolidify [ -v ] filename1 ... filenameN

sadmin unsolidify [ -v ] directoryname1 ... directorynameN

sadmin unsolidify [ -v ] volumename1 ... volumenameN

For more information on this command, refer to the Maintain your systems section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

updaters Adds, deletes, lists, or flushes programs from the list of authorized updaters.

OS: L; Mode: E, D, U

sadmin updaters add [ -d ] { binaryname }

sadmin updaters add [ -n ] { binaryname }

sadmin updaters add [ -p parent-programname ] { binaryname }

sadmin updaters add [ -t rule-id ] { binaryname }

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-programname ] { binaryname }

sadmin updaters remove { binaryname }

sadmin updaters remove [ -p parent-programname ] { binaryname }


sadmin updaters list

sadmin updaters flush

OS: W; Mode: E, D, U

sadmin updaters add [ -d ] { binaryname }

sadmin updaters add [ -l libraryname ] { binaryname }

sadmin updaters add [ -n ] { binaryname }

sadmin updaters add [ -p parent-binaryname ] { binaryname }

sadmin updaters add [ -t rule-id ] { binaryname }

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -l libraryname ] { binaryname }

sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-binaryname ] { binaryname }

sadmin updaters add [ -t rule-id ] -u username

sadmin updaters remove { binaryname }

sadmin updaters remove [ -l libraryname ] { binaryname }

sadmin updaters remove [ -p parent-binaryname ] { binaryname }

sadmin updaters remove -u username

sadmin updaters list

sadmin updaters flush

For more information on this command, refer to the Override Application Control protection section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

version Displays the version of the installed Application Control.

OS: L, W; Mode: E, D, U

sadmin version

For more information on this command, refer to the How do I deploy Application Control section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.


write-protect (wp)

Write-protects specified files including the whitelisted files. You must specify complete file or directory names with this command.

OS: L, W; Mode: E, D, U

sadmin write-protect -i pathname1 ... pathnameN

sadmin write-protect -e pathname1 ... pathnameN

sadmin write-protect -r pathname1 ... pathnameN

sadmin write-protect -l

sadmin write-protect -f

For more information on this command, refer to the Protect the file system components section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.

write-protect-reg (wpr)

Write-protects specified registry keys including the whitelisted registry keys.

OS: W; Mode: E, D, U

sadmin write-protect-reg -i registrykeyname1 ... registrykeynameN

sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN

sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN

sadmin write-protect-reg -l

sadmin write-protect-reg -f

For more information on this command, refer to the Protect the file system components section in the McAfee Application Control 6.1.0 Product Guide for standalone mode.
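An added example, not part of the McAfee guide: a POSIX shell wrapper that brackets a software change between the begin-update and end-update commands from Table 1-1, so that Update mode is ended even when the change fails or is interrupted. The function name, exit codes, ticket ID and installer path are hypothetical, and passing the comment as a single quoted argument is an assumption.

```shell
#!/bin/sh
# Added example (not from the McAfee guide). Taken from the guide: the syntax
# `sadmin begin-update [ workflow-id [ comment ]]` and `sadmin end-update`.
# Hypothetical: the function name, its exit codes, and the sample ticket ID
# and installer path. Assumption: the comment is one quoted argument.

# run_in_update_window WORKFLOW_ID COMMENT COMMAND [ARGS...]
# Returns COMMAND's exit status, or 2 (usage), 3 (begin-update failed),
# 4 (end-update failed), 130 (interrupted by INT or TERM).
run_in_update_window() {
    if [ "$#" -lt 3 ]; then
        echo "usage: run_in_update_window WORKFLOW_ID COMMENT COMMAND [ARGS...]" >&2
        return 2
    fi
    workflow_id=$1
    comment=$2
    shift 2

    # Open the update window; if that fails, the change must not run.
    if ! sadmin begin-update "$workflow_id" "$comment"; then
        echo "begin-update failed; change not started" >&2
        return 3
    fi

    # Survive Ctrl-C / TERM so the window is still closed below.
    interrupted=0
    trap 'interrupted=1' INT TERM

    # Run the change and keep its exit status (safe under `set -e`).
    change_status=0
    "$@" || change_status=$?

    trap - INT TERM

    # Always leave Update mode, whatever happened to the change.
    if ! sadmin end-update; then
        echo "end-update failed; check the mode with: sadmin status" >&2
        return 4
    fi
    [ "$interrupted" -eq 0 ] || return 130
    return "$change_status"
}

# Usage (placeholder ticket ID and installer path):
#   run_in_update_window CHG-0000 "monthly patch" /path/to/installer --quiet
```

If a CLI password is set, sadmin prompts for it at both the begin-update and end-update steps, so run the wrapper from an interactive session.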


2 Argument Details

This table lists the commands with the supported arguments and their description. In the Argument column, the supported arguments for the commands are listed in alphabetical order.

You can use -z argument to prevent the system from prompting for the password. This argument can be used in all CLI commands to provide the CLI password (so that the system does not prompt for password). For example, if the CLI password is set and you issue the sadmin wp -i abc.txt command, the system will immediately prompt you for the password. Using the -z argument, you can issue the sadmin wp -z <password> -i abc.txt command to provide the password with the issued command.

Table 2-1 Argument Details

Command Argument Description

attr -a Use this argument to always authorize by filename. This is a deprecated technique. For more information on using this technique, contact McAfee support.

-b Use this argument to configure the bypass, restore, list, and flush rules for a component protected using the Mangling technique. This is a deprecated technique. For more information on using this technique, contact McAfee support.

-c Use this argument to configure the bypass, restore, list, and flush rules for a component protected using the Critical Address Space Protection technique.

-d Use this argument to configure the bypass, restore, list, and flush rules for a component protected using the mp-vasr-randomization technique.

-e Use this argument to configure the add, remove, list, and flush rules for a component protected using the mp-vasr-rebasing technique.

-f Use this argument for full crawl attribute. This is a deprecated technique. For more information on using this technique, contact McAfee support.

-i Use this argument to configure the bypass, restore, list, and flush rules for a component using the Installer Detection technique.

-l Use this argument to configure the bypass, restore, list, and flush rules for a component using the Anti-Debugging technique. This is a deprecated technique. For more information on using this technique, contact McAfee support.

-n Use this argument to configure the bypass, restore, list, and flush rules for a component using the mp-nx technique.

-o Use this argument to specify the DLL module name for a specified process. This argument can be used with -p or -v arguments. On the Linux platform, use this argument to specify the parent program of the -p attribute.


-p Use this argument for process context file operations bypass attribute.

-r Use this argument to configure the bypass, restore, list, and flush tasks for a component using the mp-vasr-relocation technique.

-u Use this argument to always unauthorize by filename. This is a deprecated technique. For more information on using this technique, contact McAfee support.

-v Use this argument for Forced DLL relocation bypass attribute.

auth -a Use this argument to authorize a binary using the checksum value.

-b Use this argument to ban a binary using the checksum value.

-c Use this argument to specify the checksum value.

-f Use this argument to flush all authorized or banned binaries.

-l Use this argument to list all authorized and banned binaries.

-r Use this argument to remove the authorized or banned binaries.

-t Use this argument to include the associated tag name for a binary to be banned.

-u Use this argument with the -a and -c arguments to authorize a binary and also provide updater privileges.

begin-update (bu) workflow-id Specify an ID while switching to the Update mode. This ID can be used for tracking purposes in a change management or ticketing system.

comment Use a descriptive text for the workflow ID.

cert -c Use this argument to specify the certificate content as trusted.

-d Use this argument to list all the details of the issuer and subject of the certificates added to the system.

-u Use this argument to provide updater privileges to a certificate that is added as a trusted certificate or list the trusted certificates with updater privileges.

check -r Use this argument to fix any inconsistencies that are encountered.

config -a Use this argument to append the configuration values.

diag -f Use this argument to apply the diagnosed configuration changes for the restricted programs, such as winlogon.exe and svchost.exe.

disable NA NA

enable NA NA

end-update (eu) NA NA

event -a Use this argument to add sinks to the specified event.

-r Use this argument to remove sinks from the specified event.


features -d Use this argument to list all the features (including the hidden features). For more information on the hidden features, contact McAfee support.

help NA NA

help-advanced NA NA

license NA NA

list-solidified (ls) -l Use this argument to list details of the whitelisted files.

list-unsolidified (lu) NA NA

lockdown NA NA

passwd -d Use this argument to remove the password for using Application Control.

read-protect (rp) -e Use this argument to exclude specific components from a read-protected directory, or volume.

-f Use this argument to flush all components from read protection.

-i Use this argument to include files, directories, or volumes for read protection.

-l Use this argument to list the read-protected components.

-r Use this argument to remove read-protection applied to files, directories, or volumes.

recover -f Use this argument to forcefully abort the McAfee ePO command and recover the local CLI.

solidify (so) -q Use this argument to suppress all the output except for errors.

-v Use this argument to display all the processed components.

status NA NA

trusted -e Use this argument to specify one or more paths to the directories or volumes to be excluded from a list of trusted directories or volumes.

-f Use this argument to remove all the directories and volumes from the trusted rule.

-i Use this argument to specify one or more paths to the directories or volumes to be added as trusted directories or volumes.

-l Use this argument to list all trusted directories and volumes.

-r Use this argument to remove the specified directories or volumes from the trusted rule.

-u Use this argument to provide updater privileges to all the binaries and scripts in the trusted directories or volumes.

unsolidify (unso) -v Use this argument to display all the processed components.

updaters -d Use this argument to exclude the child processes of a binary file to be added as an updater from inheriting the updater privileges.


-l Use this argument to include the library name for an execution file to be added as an updater (for Windows).

-n Use this argument to disable event logging for a file to be added as an updater.

-p Use this argument to add a file as an updater only when it is launched by specified parent process.

-t Use this argument to perform these operations:

• Include the tags for a file to be added as an updater

• Add a user with a tag name as an updater

-u Use this argument to add a user as an updater (for Windows).

version NA NA

write-protect (wp) -e Use this argument to exclude specific components from a write-protected directory or volume.

-f Use this argument to flush all components from write protection.

-i Use this argument to write-protect files, directories, or volumes.

-l Use this argument to list the write-protected components.

-r Use this argument to remove write protection applied to files, directories, or volumes.

write-protect-reg (wpr) -e Use this argument to exclude one or more registry keys from write protection.

-f Use this argument to flush all registry keys from write protection. Flushing the registry keys from write protection removes all write-protection rules applied to the registry keys.

-i Use this argument to write-protect registry keys.

-l Use this argument to list all write-protected registry keys.

-r Use this argument to remove write protection from one or more registry keys.
