From McAfee Application Control 7.x Security Technical Implementation Guide
Part of SRG-APP-000383
Associated with: CCI-001762
By default, when an endpoint's Solidcore installation is managed by the ePO server, the CLI will automatically be in lockdown mode. This will ensure the endpoint receives all of its Solidcore configuration settings from the ePO server. The CLI can, however, be activated for troubleshooting efforts during which time the ePO settings will not be enforced. Leaving the CLI in an allowed status will prevent the endpoint from receiving changes from the ePO server for the Solidcore client.
Determine CLI status.
Access the system being reviewed. From an operating system command line, execute the following command:
sadmin status
From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset. Select "Actions". Select "Agent". Click "Actions". Select "New Client Task Assignment" to open the Client Task Assignment Builder page. Select the "Solidcore 7.0.0 product", "SC: Change Local CLI Access" task type, then click "Create New Task" to open the Client Task Catalog page. Change "CLI status" to "Restrict". Click "Save".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer