McAfee Application Control 5.0 (due out Dec. 15) is the result of McAfee's acquisition of Solidcore and the integration of Solidcore S3 Control with McAfee ePolicy Orchestrator (ePO). McAfee Application Control rivals SignaCert for the broadest client support among all the products in InfoWorld's review. It also boasts write protection and ownership protection of whitelisted files, good reporting and alerting, and no significant cons.
McAfee Application Control can enforce whitelisting policies on Windows NT 4 through Windows Server 2008 (Windows 7 support is forthcoming), Suse Linux 9 and 10, Oracle Enterprise Linux, Red Hat Linux 3 through 5 (and CentOS), and Solaris 8 through 10. Its precursor, Solidcore S3 Control, is in use on thousands of client nodes and is deployed on more than 250,000 ATMs.
[ Read the Test Center review of application whitelisting solutions from Bit9, CoreTrace, Lumension, McAfee, SignaCert, and Microsoft. Compare these application whitelisting solutions by the features. ]
McAfee Application Control's management console is a dashboard component of McAfee ePO 4.5 (screen image). Administrators connect via a secure browser session, where they can manage Application Control and any other McAfee security solutions they have deployed.
Protected PCs are considered "Solidified," a term that harkens back to the product's Solidcore days. The client interface is minimal, consisting of command-line instructions and parameters. Clicking an icon on the client desktop, called the McAfee Solidifier Command Line (screen image), gives access to all the Solidifier console commands, which allows a user to control everything an administrator could from within the ePO management console. Of course, ePO configurations can prevent local commands from working.
What McAfee Application Control may lack in client interface it makes up for in overall functionality. It can allow or deny program executions by file name, SHA-1 hash, path rules, and digital certificates. McAfee's solution is one of only two products in this review (the other is Lumension) to allow or deny individual scripts or files of any type, although configuring these policies takes extra steps in McAfee. (SignaCert can monitor individual scripts, or any file type, but cannot block executions.) An administrator must first create a rule about the script interpreter or originating process, but then can allow or prevent individual scripts and files. For example, to prevent individual Perl scripts, the administrator would have to create a rule regarding Perl.exe, but then can allow or deny individual Perl scripts. Similarly, 16-bit applications can be controlled by first creating a rule about Ntdvm.exe, and then marking the individual 16-bit applications.
| Test Center Scorecard | ||||||
|---|---|---|---|---|---|---|
 |  |  |  |  |  | |
| 30% | 15% | 25% | 10% | 20% | ||
| McAfee Application Control 5.0 | 9 | 9 | 9 | 8 | 8 | 8.7 Very Good |
Read more about security central in InfoWorld's Security Central Channel.
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »
A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
Sign up to receive InfoWorld Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
13 Recommendations
