Change Control and Application Control 6.1 Installation ... · PDF filesystems for Change Control and Application Control (see KB76579). Also, note that Change Control ... AIX Ensure

Installation Guide

McAfee Change Control and McAfeeApplication Control 6.1.0For use in standalone mode

COPYRIGHTCopyright © 2012 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States andother countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee Change Control and McAfee Application Control 6.1.0 Installation Guide

Contents

Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Install the software 7Review prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Procure the installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Understand the Linux installation workflow . . . . . . . . . . . . . . . . . . . . . . . 10

Installation script checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Reuse builds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Install in the Interactive mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12On the Windows platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 12On the AIX platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Install in the silent mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15On the Windows platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 15On the Linux platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16On the AIX platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Verify the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18On the Windows platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 18On the Linux and AIX platforms . . . . . . . . . . . . . . . . . . . . . . . . 18

2 Upgrade the software 21Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Upgrade in the interactive mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

On the Windows platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 22On the AIX platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Upgrade in the silent mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24On the Windows platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 24On the Linux platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26On the AIX platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Verify the upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3 Uninstall the software 29Uninstall in the interactive mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

On the Windows platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 29On the AIX platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Uninstall in the silent mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30On the Windows platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 30On the Linux platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31On the AIX platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

A FAQs 33

McAfee Change Control and McAfee Application Control 6.1.0 Installation Guide 3

Index 37

Contents


Preface

Contents About this guide Find product documentation

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

ConventionsThis guide uses these typographical conventions and icons.

Book title, term,emphasis

Title of a book, chapter, or topic; a new term; emphasis.

Bold Text that is strongly emphasized.

User input, code,message

Commands and other text that the user types; a code sample; a displayedmessage.

Interface text Words from the product interface like options, menus, buttons, and dialogboxes.

Hypertext blue A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing anoption.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardwareproduct.


Find product documentationMcAfee provides the information you need during each phase of product implementation, frominstallation to daily use and troubleshooting. After a product is released, information about the productis entered into the McAfee online KnowledgeBase.

Task1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

To access... Do this...

User documentation 1 Click Product Documentation.

2 Select a product, then select a version.

3 Select a product document.

KnowledgeBase • Click Search the KnowledgeBase for answers to your product questions.

• Click Browse the KnowledgeBase for articles listed by product and version.

PrefaceFind product documentation


http://mysupport.mcafee.com

1 Install the software

This section describes how to install Change Control or Application Control in the standalone mode.

You can install the software on Windows, Linux, and AIX platforms. For all supported platforms, thesoftware works well on both physical and virtual machines (VM). You can install the software in one ofthe following modes.

Mode Description

Interactive mode During interactive installation, the installer launches an installation wizard thatguides you through the several steps required to configure and install thesoftware.

Silent mode During silent or non‑interactive installation, no progress bar or messages aredisplayed. Silent installation is recommended for medium and large scaledeployments.

Contents Review prerequisites Procure the installer Understand the Linux installation workflow Install in the Interactive mode Install in the silent mode Verify the installation

Review prerequisitesBefore installing Change Control or Application Control, review the following guidelines and ensurethat your environment conforms to these requirements.

• Verify that the system does not have an existing installation. Installation may fail, if anotherinstance of the software is already installed and is in Enabled mode.

• If upgrade is supported from the installed version (verify by reviewing release notes andKB76579), refer the Upgrade the software section for upgrade instructions.

• If upgrade is not supported from the installed version, uninstall the existing version beforeinstalling the new version.

• Download the license key from the McAfee Downloads site. Keep it handy before startinginstallation.

• Review the minimum system requirements, supported operating systems, and supported filesystems for Change Control and Application Control (see KB76579). Also, note that Change Controlor Application Control cannot be installed on a network partition or on a partition having anunsupported file system.

• Ensure that the platform on which you need to install the software is supported (see KB76459).

1


https://kc.mcafee.com/corporate/index?page=content&id=KB76579



• Review the release notes to acquaint yourself with the known issues and identify dependencies youneed to consider.

• Review the following platform‑specific requirements.

Platform Requirements

Windows • Ensure that the product is not installed in the <SYSTEM_VOLUME>\Solidcore directoryor its sub‑directories.

• Ensure that the product is not installed on a non‑system drive.

• Some Anti‑virus programs, such as Norton Internet Security 2006 can block theexecution of Solidcore client files leading to issues, such as configuration not beingset properly. To avoid similar problems, either disable the anti‑virus programs beforeinstalling the Solidcore client or ensure that these programs allow Solidcore clientfiles to run.

• For all platforms except Windows 2000, if you have other file‑security programs(antivirus programs or file‑encryption programs) installed and running on yourmachine, please create a registry key named DfsIrpStackSize underHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\Parameters andset its decimal value to 10. If this registry key already exists, please ensure that itsdecimal value is set to 10.

AIX Ensure that the genkex package is installed on the system

Linux To ensure successful installation of Change Control or Application Control on the Linuxoperating system (when a pre‑compiled build is unavailable), a build environment isrequired on the endpoint. Before installing the Linux software, ensure all Linuxendpoints in your setup conform to these requirements. Note that anynon‑conformance to the listed build environment will result in build and installationfailures.• Ensure the following build and packaging tools are installed on the endpoint system:

• gmake (provided by package make)

• gcc (provided by package gcc)

• ld (provided by package binutils)

• ar (provided by package binutils)

• rpmbuild (provided by package rpm‑build on Red Hat and package rpm on SUSE)

• cpio (provided by package cpio)

• Ensure the Kbuild framework is installed under /lib/modules/<kernelversion>/build/ (provided by package kernel‑source on SUSE 10 and package kernel‑devel onrest of the distributions).

• Ensure the installed packages match the running kernel.

• We recommend that you ensure that the installed package versions are the same asthe versions that are packaged with the distribution ISO.

1 Install the softwareReview prerequisites


Procure the installerUse this task to obtain the Solidcore client installer file.

Task1 Download the Solidcore client package from the McAfee Downloads site.

The Solidcore client is the software component that provides change monitoring, changeprevention, and whitelisting features on the endpoints on which it is installed. The following tablelists the available Solidcore client packages.

Operating system Package name

Windows SOLIDCOR<version>‑<build>_WIN.zip

AIX SOLIDCOR<version>‑<build>_LNX.zip

Linux SOLIDCOR<version>‑<build>_AIX.zip

In the file name, <version> and <build> represent the version and build number associated with theproduct. For example, the SOLIDCOR610‑211_LNX.zip file includes the Solidcore client (version 6.1.0and build number 211) for the Linux platform.

2 Save the package file to an accessible location.

3 Open the package file for the required operating system.

The Solidcore client package file includes the installers for the all variants of the operating system.

For the Windows operating system, different installers are available based on the targetarchitecture and distribution. Each installer file is named using the following syntax setup‑win‑<os>‑<arch>‑<rel>.<build>.exe where <arch> is x86 for 32‑bit architecture, ia64 for Intel 64‑bitarchitecture, and amd64 for AMD 64‑bit architecture. The <os> indicates the operating system towhich the installer applies.

4 Extract the required installer.

Install the softwareProcure the installer 1


Understand the Linux installation workflowProvides information on the installation workflow on the Linux operating system.

1 Install the softwareUnderstand the Linux installation workflow


Installation script checksWhen you run the installation script, it performs multiple checks and tasks.

The following checks are performed by the installation script:

Task1 Verifies the architecture and operating system information.

2 Validates the kernel installed on the endpoint.

Based on whether a pre‑compiled binary file is available for the installed kernel or not, theinstallation script performs one of the following steps:

• If a pre‑compiled binary file exists for the kernel, the installation script begins the installation.For detailed information on kernel for which pre‑compiled binary files are available, see theKB76544 article.

• If a pre‑compiled binary file is unavailable for the kernel, the installation script performs thefollowing tasks.

a Verifies if a pre‑compiled build for the kernel is available in the /opt/solidcore directory. If youare using a specific kernel across multiple endpoints, you can compile the kernel module buildon one endpoint and use it across the all other endpoints. Note that the /opt/solidcoredirectory does not exist by default and needs to be created manually. For detailed informationon reusing a build, see the Reuse builds section.

If a build is available in the /opt/solidcore directory, begin installation. If a build isunavailable, proceed with step b.

b Verifies if the required build and packaging tools are installed on the endpoint. For detailedinformation, see the Review prerequisites section.

If the required build and packaging tools are installed, proceed with step c. If not, theinstallation fails.

c Recompiles the kernel module source code and creates a build suitable for the installed kernel.

If the build is successfully created, proceed with step d. If not, the installation fails.

d Installs the created build on the endpoint.

If the created build is successfully installed, the installation is complete. If not, the installationfails.

e Runs the sanity suite after the installation is complete to validate the installation. You mustreview and verify the results of the sanity suite by viewing the contents of the RESULTS filestored in the /usr/local/mcafee/solidcore/sanity directory. If needed, you can view thecontents of the LOGS file in the same directory.

After the sanity suite runs, the software enters a partially‑disabled or dormant state. In such astate, any process that tries to run on the system is allowed to execute and the software doesnot monitor or block any actions. Unlike Disabled mode (with system reboot), in this state thesystem is not restarted and the Solidcore driver continues to be loaded in memory. When thesystem is partially‑disabled, the output for the sadmin status command is marked with anasterisk.

McAfee Solidifier: Disabled*

McAfee Solidifier on reboot: Disabled

Install the softwareUnderstand the Linux installation workflow 1



To exit this mode you can perform one of the following actions:

• Execute the sadmin enable command to place the system in Enabled mode. Ensure that youadd the license before placing the system in Enabled mode.

• Restart the system to place the system in Disabled mode.

Reuse buildsIf a pre‑compiled binary file does not exist for a kernel, the installation script compiles the kernelmodule source code to create a build suitable for the kernel. Once this build is available, you can reusethis build to install the software on all endpoints that use the same kernel.

When a build is compiled for a specific kernel, the build name includes the kernel details. The namingconvention followed for the builds is solidifier‑kmod‑<rel>‑<build>.<distro>.<kernel>.<arch>.rpm.

In the file name,

• <distro> applies to the available distributions. LEL5 represents Red Hat Enterprise Linux 5, LEL6represents Red Hat Enterprise Linux 6, LSES10 represents SuSE Enterprise Linux 10, and LSES11represents SuSE Enterprise Linux 11.

• <kernel> indicates the kernel for which the build was compiled.

• <arch> is i386 for 32‑bit architecture and x86_64 for AMD 64‑bit architecture.

Here is an example of a build created for the Red Hat Enterprise Linux 6 version, solidifier‑kmod‑6.1.0‑9321.LEL6.2.6.32‑279.2.1.el6.i686.i386.rpm.

The build is created and stored in the <install directory>/dks directory. To reuse the build on analternate endpoint, place the build file in the /opt/solidcore directory of the target endpoint.

Install in the Interactive modeIn the interactive mode, the installer launches an installation wizard that guides you through theinstallation. Using the interactive mode you can install the software on the Windows and AIXplatforms. Note that the interactive mode is unavailable for the Linux platform.

On the Windows platformUse this task to install the software in interactive mode on a Windows system.

Task1 Log on to the system with administrative privileges.

2 Navigate to the directory containing the installer file.

3 Perform one of the following tasks.

• On the Windows Vista, Windows 2008, Windows 2008 R2, and Windows 7 (with UAC enabled)platforms, right‑click on the installer file in Windows Explorer and select Run asAdministrator.

• On other Windows platforms, double‑click the installer file in the Windows Explorer to begin theinstallation.

The Welcome page is displayed.

1 Install the softwareInstall in the Interactive mode


4 Click Next

The License Agreement page is displayed.

5 Accept the terms of the license agreement and click Next.

The Customer Information page is displayed.

6 Enter the user and company information.

7 Perform one of the following steps and click Next.• Enter the license key in the Serial Number field.

• Select the Install without license key option to specify the license key after installation by using thelicense command.

The Destination Folder page is displayed.

8 Specify the installation folder.

1 Perform one of the following steps.

• Accept the default installation location. By default, the software files are placed in the<system drive>:\Program Files\McAfee\Solidcore folder.

• Modify the installation folder by clicking Change. In the dialog box, specify a folder path name(up to 240 characters).

2 Optionally, perform one or all of the following steps if you are using any Windows platform.

• By default, a desktop shortcut for McAfee Solidifier Command Line is created. Deselect theCreate Desktop Shortcut option if you do not want to create the shortcut.

• To perform post‑installation configuration, you can run a batch file (containing commands) oran executable file. The specified file is launched automatically after the software is installedon the system. Click Browse to specify the file to run.

3 Click Next. The Ready to Install the Program page is displayed.

9 Click Install to begin the installation.

10 Click Finish to exit the installation wizard.

On the AIX platformUse this task to install the software in interactive mode on an AIX system.

Task

1 Log on to the system with administrative privileges.


3 Execute the following command to run the installer.

# ./solidifier‑<rel>‑<build>‑aix‑<arch>.binA message indicating the start of the installation is displayed

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ Welcome to the McAfee Solidifier Setup Wizard‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Press [Enter] to continue :

Install the softwareInstall in the Interactive mode 1


4 Press Enter.

The McAfee End User License Agreement is displayed.

5 Press Enter until you view all pages of the agreement.

A message prompting you to accept the agreement is displayed.

Do you accept this license? [y/n]:

6 Read the agreement carefully and type Y or y to accept the agreement. Alternatively, type N or n toexit the installation process.

A message prompting you to specify the installation path is displayed.

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ Install PathPlease enter the path where you wish to install McAfee Solidifier. Install path for McAfee Solidifier [/usr/local]:


• Press Enter to accept the default installation path (/usr/local/mcafee/solidcore).

• Specify the installation path

A message prompting you to specify the license key is displayed.

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ Product license key:Please enter the product license key:License key for the product (Press ENTER to skip this step and add license key after installation) [ ]


• Enter the license key then press Enter.

• Press Enter to specify the license key after installation by using the sadmin license addcommand.

The following message is displayed.

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ Setup is now ready to begin installing McAfee Solidifier on your computerDo you want to continue? [Y/N]:

9 Type Y or y or press Enter to proceed with the installation. Alternatively, type N or n to abortinstallation.

The installation begins. The following message is displayed after successful installation of theproduct.

Setup has finished installing McAfee Solidifier on your computer.

1 Install the softwareInstall in the Interactive mode


Install in the silent modeTo perform a silent installation, use the provided command line options to suppress all interaction andprovide parameters for all options.

When you perform a silent installation, no messages are displayed. Instead, a log file captures theinstallation information, including whether the installation was successful. You can review the log fileand determine the results of installation. Using the silent mode you can install the software on theWindows, AIX, and Linux platforms.

On the Windows platformUse this task to install the software in silent mode on a Windows system.


2 Ensure that the required installer is available.

Install the softwareInstall in the silent mode 1


3 Open a command window.

4 Execute one of the following commands

<installer‑file> /s /v" /qn SERIALNUMBER=xxxx‑xxxx‑xxxx‑xxxx‑xxxx"Or

<installer‑file> /s /v" /qn UNLICVER=1"Notice the double quotes (") after /v and space between /s and /v. There is no space between /vand double quotes ("). Here is description of all possible arguments for the command. In additionto the SERIALNUMBER or UNLICVER arguments, you can optionally specify one or more of thefollowing arguments with the command.

Argument Description

SERIALNUMBER Allows you to specify the license key for the installation. Here is an example.<installer‑file> /s /v" /qn SERIALNUMBER=xxxx‑xxxx‑xxxx‑xxxx‑xxxx"

UNLICVER Allows you to install the software without specifying the license key. You canenter the license key by using the license command after installation. Possiblevalues for the argument UNLICVER are 0 and 1. A value of 1 indicates that youare installing the software without using the license key. Here is an example.<installer‑file> /s /v" /qn UNLICVER=1"

SHORTCUT Allows you to create a desktop shortcut to access the command line tool. To skipthe creation of the shortcut, assign 0 to the SHORTCUT argument. To create theshortcut, either do not provide the SHORTCUT argument or assign it the value 1.Here is an example:<installer‑file> /s /v" /qn UNLICVER=1 SHORTCUT=1"

POSTINSTALL Allows you to specify a file to perform post‑installation configuration. Thespecified file is used for configuration after the software is installed on thesystem. To specify file paths that contain spaces, enclose the paths in doublequotes ("). Here is an example.<installer‑file> /s /v" /qn UNLICVER=1 POSTINSTALL=\"C:\\My Dir\\batch.exe\""

INSTALLDIR Allows you to install the software at a user‑specified location. With theINSTALLDIR argument, you can specify a folder path name of up to 240characters only (total string length including special characters). Here is anexample.<installer‑file> /s /v" /qn SERIALNUMBER=xxxx‑xxxx‑xxxx‑xxxx‑xxxxINSTALLDIR=\"C:\\My Dir\\McAfee\\Solidcore\""

/l+*v Allows you to change the default location of the S3Setup.log file. By default, theS3Setup.log file is placed in the SYSTEMROOT directory. Alter the location of thisfile by using the /l+*v argument. Here is an example.<installer‑file> /s /v" /qn UNLICVER=1 /l+*v \"C:\\S3Setup.log\""

On the Linux platformUse this task to install the software in silent mode on a Linux system.



3 Extract the contents of the Solidcore client package file.

1 Install the softwareInstall in the silent mode


4 Optionally, reuse a pre‑compiled build to install the software by placing the build in the /opt/solidcore directory of the target endpoint.

For more information on how to reuse builds, see the Understand the Linux installation workflowsection.

5 Run the mapkg_install script file.

./mapkg_install.shThe installation script performs installation‑related tasks. By default, the software is installed in the /usr/local/mcafee/solidcore directory.

6 Review the log file.

• If the installation succeeds, the solidcoreS3_install.log file is created in the /var/log/mcafee/solidcore directory.

• If the installation fails, the solidcoreS3_install.log file is present in the /tmp directory. Tofurther investigate installation failures, contact McAfee Support (https://mysupport.mcafee.com/ or +1(408)988‑3832) with the log file.

On the AIX platformUse this task to install the software in silent mode on an AIX system.




./solidifier‑<rel>‑<build>‑aix‑<arch>.bin ‑‑mode unattendedYou can specify the following optional parameters while running the installer.

Parameter Description

‑‑licensekey Allows you to specify the license key during installation. Here is an example.

# ./solidifier‑6.0.1‑1007‑aix‑ppc32.bin ‑‑mode unattended ‑‑licensekey1234‑1234‑1234‑1234‑1234

If you install the product without specifying the license key, you can enter the licensekey later by using the sadmin license add command.

‑‑prefix Allows you to install the product at a user‑specified location. Here is an example.

# ./solidifier‑6.0.1‑1007‑aix‑ppc64.bin ‑‑mode unattended ‑‑prefix /usr/john/myapps

‑‑optionfile Allows you to use an ASCII file to specify all installation options. Here is an example.

# ./solidifier‑<rel>‑<build>‑aix‑<arch>.bin ‑‑optionfile /usr/john/myopfileThe ASCII file must include the installer options in the following syntax:

mode=unattended [ licensekey=<licensekey> ] [ prefix=<pathname> ]Here is an example of an options file.

mode=unattended licensekey=1234‑1234‑1234‑1234‑1234 prefix=/usr/john/myapps

Install the softwareInstall in the silent mode 1


https://mysupport.mcafee.com/


Verify the installationAfter you complete installation, verify that the Change Control or Application Control software wasinstalled successfully.

On the Windows platformUse this task to verify that the software was installed successfully on a Windows system.

After successful completion of the installation process:

• An entry for McAfee Solidifier is added to the Programs menu.

• The swin.sys file is added to the %SystemRoot%\System32\Drivers location.

• The McAfee Solidifier Service is added under Windows services.

• Product‑specific registry settings are created:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsrvc

• Additional files are placed in the install directory. These files are internal to the product and shouldnot be modified.

• S3Setup.log file is created under %SYSTEMROOT%. You can view the log file contents to verify if anyerrors occurred during the installation process.

On the Linux and AIX platformsUse this task to verify that the software was installed successfully on a Linux or AIX system.

Task1 Run the command to verify that the Solidcore product is reported in the package database of the

system.

Operatingsystem

Command

Linux # rpm ‑q solidcoreS3 solidcoreS3‑kmodThe following messages are displayed.

solidcoreS3‑<rel>‑<build>

solidcoreS3‑kmod‑<rel>‑<build>

AIX # lslpp ‑l solidcoreS3The following messages are displayed.

Fileset Level State Description

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑Path: /usr/lib/objrepos solidcoreS3 <rel>.<build> COMMITTED McAfee Solidifier for AIX,<rel>.<build>.

2 Run the command to verify that the solidcore.conf file is created in /etc directory duringinstallation.

# ls ‑ls /etc/mcafee/solidcore/solidcore.conf

1 Install the softwareVerify the installation


3 Execute the command to ensure that the software service (scsrvc) is added to the system.

Operating system Command

Linux # ls ‑ls /etc/init.d/scsrvcAIX # ls ‑ls /etc/scsrvc

4 Execute the following command to verify that the software service (scsrvc) is running.

# ps ‑ef | grep scsrvcThe output of this command should show at least two scsrvc processes running from theinstallation location.

5 Ensure the product files are placed in the installation directory.

# ls ‑ls <install‑dir>

Install the softwareVerify the installation 1


1 Install the softwareVerify the installation


2 Upgrade the software

This section describes how to upgrade Change Control or Application Control in the standalone mode.

You can upgrade the software in one of these modes.

Mode Description

Interactive mode In the interactive mode, the installer launches an installation wizard that guidesyou through the upgrade process.

Silent mode During silent or non‑interactive upgrade, no progress bar or messages aredisplayed. Instead, a log file captures Silent mode information, including whetherthe upgrade was successful. You can then review the log file and determine theresults of upgrade. Silent upgrade is recommended for medium and large scaledeployments.

Contents Before you begin Upgrade in the interactive mode Upgrade in the silent mode Verify the upgrade

Before you beginBefore upgrading Change Control or Application Control, review the following guidelines and ensurethat your environment conforms to these requirements.

• Upgrade is possible only at the existing installation location. Note that upgrading to an alternatepath is not supported.

• Upgrade is supported in the Update and Disabled mode. However, it is recommended that youperform the upgrade in Update mode. If for some reason, you upgrade in Disabled mode, ensureyou recreate the whitelist for the endpoint when using the Application Control software. Also, onthe Windows platform, restart the system after you upgrade the software.

Application Control also supports the Observe mode. However, this mode is unavailable in thestandalone configuration and is available only when the system is managed by McAfee ePO.

• Note that the default rule list (as available in a fresh installation) is not imported on upgrade. Allexisting monitoring, filter, read‑protect, and write‑protect rules applied before upgrade remainintact.

• Review the release notes to acquaint yourself with the known issues and identify dependencies youneed to consider.

• Ensure the following build and packaging tools are present on your Linux systems. For successfulinstallation of Change Control or Application Control on the Linux operating system (when apre‑compiled build is unavailable), a build environment is required on the endpoint. Before

2


installing the software, ensure all Linux systems in your setup conform to these requirements. Notethat any non‑conformance to the listed build environment will result in build and installationfailures.

• Ensure the following build and packaging tools are installed on the endpoint system:

• gmake (provided by package make)

• gcc (provided by package gcc)

• ld (provided by package binutils)

• ar (provided by package binutils)

• rpmbuild (provided by package rpm‑build on Red Hat and package rpm on SUSE)

• cpio (provided by package cpio)

• Ensure the Kbuild framework is installed under /lib/modules/<kernelversion>/build/(provided by package kernel‑source on SUSE 10 and package kernel‑devel on rest of thedistributions).

• Ensure the installed packages match the running kernel.

• We recommend that you ensure that the installed package versions are the same as theversions that are packaged with the distribution ISO.

Upgrade in the interactive modeUsing the interactive mode you can upgrade the software on the Windows and AIX platforms.

On the Windows platformUse this task to upgrade the software in the interactive mode on a Windows system.



3 Switch to the Update mode.

> sadmin begin‑update

If your system is currently in Disabled mode, you can choose to upgrade in the current mode.


• On the Windows Vista, Windows 2008, Windows 2008 R2, or Windows 7 (with UAC enabled)platforms, right‑click on the installer file in Windows Explorer and select Run as Administrator.

• On other Windows platforms, double‑click the installer file in Windows Explorer to begin theinstallation. A message box prompts you to confirm if you want to upgrade the software. ClickYes to proceed.

The Resuming Installation for McAfee Solidifier page is displayed.

5 Click Next.

The upgrade process begins. When the upgrade is complete, the Update Complete page is displayed.

2 Upgrade the softwareUpgrade in the interactive mode


6 Click Finish.

The McAfee Solidifier Installer Information message box prompts you to restart the system.

7 Click Yes.

The system is restarted.

8 Exit the Update mode.

> sadmin end‑updateThis places the system in Enabled mode.

On the AIX platformUse this task to upgrade the software in the interactive mode on an AIX system.




# sadmin begin‑update


4 Execute the installer by using the following command.

# ./solidifier‑<rel>‑<build>‑aix‑<arch>.binThe following message is displayed.

McAfee Solidifier is in update mode. Press [Enter] to continue:

5 Press Enter.

The McAfee End User License Agreement is displayed.

6 Press Enter until you view all pages of the agreement.

A message prompting you to accept the agreement is displayed.

Do you accept this license? [y/n]:

7 Read the agreement carefully and type Y or y to accept the agreement. Alternatively, type N or n toexit the upgrade process.

A message prompting you to choose the next action is displayed

Solidifier is already installed. Please select the option:[1] Exit[2] UpgradePlease choose an option [1]

Upgrade the softwareUpgrade in the interactive mode 2


8 Type 2 to proceed with the upgrade process.

Be careful after this step. Canceling or interrupting the upgrade process (by pressing [Ctrl] + [C])may leave the existing installation in an inconsistent state.


Reboot RequiredPlease reboot your system after the upgrade for changes to take effect.Press [Enter] to continue:

9 Press Enter.

The following message is displayed on the screen.

Setup is now ready to begin installing McAfee Solidifier on your computer. Do you want to continue? [Y/N]:

10 Type Y or y or press Enter to proceed with the upgrade process.

On successful upgrade of the product, the following message is displayed.

Setup has finished installing McAfee Solidifier on your computer.


# sadmin end‑update

12 Restart the endpoint to complete the upgrade process.

Upgrade in the silent modeTo perform a silent upgrade, use the command line options provided to suppress interaction andprovide parameters for all options. Using the silent mode you can upgrade the software on theWindows, AIX, and Linux platforms.

On the Windows platformUse this task to upgrade the software in silent mode on a Windows system.

Task1 Ensure that the required installer is available.


> sadmin begin‑update



2 Upgrade the softwareUpgrade in the silent mode


4 Execute one of the following commands.

Note the double quotes (") after /v and space between /s and /v. There is no space between /v anddouble quotes (").

<installer‑file> /s /v" /qn SERIALNUMBER=xxxx‑xxxx‑xxxx‑xxxx‑xxxx"

Or

<installer‑file> /s /v" /qn UNLICVER=1"

Here is description of all possible arguments for the command. In addition to the SERIALNUMBERor UNLICVER arguments, you can optionally specify one or more of the following arguments withthe command.


SERIALNUMBER Allows you to specify the license key for the software. Here is an example.

<installer‑file> /s /v" /qn SERIALNUMBER=xxxx‑xxxx‑xxxx‑xxxx‑xxxx"

UNLICVER Allows you to install the software without specifying the license key. You canenter the license key by using UNLICVER the license command after installation.Possible values for the argument are 0 and 1. A value of 1 indicates that you areinstalling the software without using the license key. Here is an example.

<installer‑file> /s /v" /qn UNLICVER=1"

SHORTCUT Allows you to create a desktop shortcut to access the command line tool. To skipthe creation of the SHORTCUT shortcut, assign 0 to the SHORTCUT argument. Tocreate the shortcut, either do not provide the SHORTCUT argument or assign itthe value 1. Here is an example.

<installer‑file> /s /v" /qn UNLICVER=1 SHORTCUT=1"

POSTINSTALL Allows you to specify a file to perform post‑installation configuration. Thespecified file is used for POSTINSTALL configuration after the software isinstalled on the system. To specify file paths that contain spaces, enclose thepaths in double quotes ("). Here is an example.

<installer‑file> /s /v" /qn UNLICVER=1 POSTINSTALL=\"C:\\My Dir\\batch.exe\"".

INSTALLDIR Allows you to install the software at a user‑specified location. With theINSTALLDIR argument, you can INSTALLDIR specify a folder path name of up to240 characters only (total string length including special characters). Here is anexample.

SERIALNUMBER=xxxx‑xxxx‑xxxx‑xxxx‑xxxxINSTALLDIR=\"C:\\My Dir\\McAfee\\Solidcore\""

/l+*v Allows you to change the default location of the S3Setup.log file. By default, theS3Setup.log file is /l+*v placed in the SYSTEMROOT directory. Alter the locationof this file by using the /l+*v argument. Here is an example.

<installer‑file> /s /v" /qn UNLICVER=1 /l+*v\"C:\\S3Setup.log\""



> sadmin end‑updateThis places the system in Enabled mode.

Upgrade the softwareUpgrade in the silent mode 2


On the Linux platformUse this task to upgrade the software in silent mode on a Linux system.

Task1 Log on to the system with administrative privileges





4 Run the mapkg_install script file.

./mapkg_install.shThe script file performs all upgrade‑related tasks. The upgrade workflow is similar to the installationworkflow. For detailed information on the workflow, see the Understand the Linux installationworkflow section.

5 Review the log file.

• If the upgrade succeeds, the solidcoreS3_install.log file is created in the /var/log/mcafee/solidcore directory.

• If the upgrade fails, the solidcoreS3_install.log file is present in the /tmp directory. Tofurther investigate installation failures, contact McAfee Support (https://mysupport.mcafee.com/ or +1(408)988‑3832) with the log file and gatherinfo logs.



# sadmin end‑updateThis places the system in Enabled mode.

On the AIX platformUse this task to upgrade the software in silent mode on an AIX system.






2 Upgrade the softwareUpgrade in the silent mode





./solidifier‑<rel>‑<build>‑aix‑<arch>.bin ‑‑mode unattendedYou can specify the following optional parameters while running the installer.


‑‑licensekey Allows you to specify the license key during installation. Here is an example.

# ./solidifier‑6.0.1‑1007‑aix‑ppc32.bin ‑‑mode unattended ‑‑licensekey1234‑1234‑1234‑1234‑1234

If you install the product without specifying the license key, you can enter the licensekey later by using the sadmin license add command.

‑‑optionfile Allows you to use an ASCII file to specify all installation options. Here is an example.

# ./solidifier‑<rel>‑<build>‑aix‑<arch>.bin ‑‑optionfile /usr/john/myopfileThe ASCII file must include the installer options in the following syntax:

mode=unattended [ licensekey=<licensekey> ] [ prefix=<pathname> ]Here is an example of an options file.

mode=unattended licensekey=1234‑1234‑1234‑1234‑1234 prefix=/usr/john/myapps



# sadmin end‑updateThis places the system in Enabled mode.

Verify the upgradeUse this task to verify that the Change Control or Application Control software was upgradedsuccessfully on the system.

On the Windows platform

Run the sadmin version command to verify that the correct version the software is listed.

On the Linux platform

Run the command to verify that the solidcore product is reported in the package database of thesystem.

# rpm ‑q solidcoreS3 solidcoreS3‑kmod

The following messages are displayed.

solidcoreS3‑<rel>‑<build>

solidcoreS3‑kmod‑<rel>‑<build>

On the AIX platform

Run the command to verify that the solidcore product is reported in the package database of thesystem.

Upgrade the softwareVerify the upgrade 2


# lslpp ‑l solidcoreS3


Fileset Level State Description‑‑‑Path: /usr/lib/objrepos solidcoreS3 <rel>.<build> COMMITTED SolidcoreS3 McAfeeSolidifier for AIX, <rel>.<build>

2 Upgrade the softwareVerify the upgrade


3 Uninstall the software

This section describes how to uninstall Change Control or Application Control.

Contents Uninstall in the interactive mode Uninstall in the silent mode

Uninstall in the interactive modeIn the interactive mode, the installer launches an installation wizard that guides you through theuninstallation. Using the interactive mode you can uninstall the software on the Windows and AIXplatforms.

On the Windows platformUse this task to remove the software from a Windows system using the interactive mode.


2 Switch to the Disabled mode.

> sadmin disable

Disabling the software requires a system reboot.

3 Perform one of the following steps:

a On Windows Vista and Windows 7 platforms, navigate to and open the Programs and Featureswindow.

b On other Windows platforms, navigate to and open the Add or Remove Programs window.

4 Select McAfee Solidifier from the list of programs and click Remove.

A message box prompts you to confirm if you want to remove the software.

5 Click Yes to proceed.

The software is removed from the system. During uninstallation all software‑related files areremoved from the system, except the following:

• Empty Solidcore folder in the installation directory (typically, C:\Program Files\McAfee)

• Certificate folder if it contains any public certificate

If needed, you can manually delete the afore‑mentioned components.

3


On the AIX platformUse this task to remove the software from an AIX system using the interactive mode.



# sadmin disable


3 Navigate to the installation directory.

4 Execute the command to uninstall the software.

# ./uninstallThe following message appears on the screen.

Do you want to uninstall McAfee Solidifier and all of its modules? [Y/n]:

5 Type Y or y or press Enter to proceed with the uninstall process

The uninstallation begins. The following message is displayed after the product is uninstalled.

Info: Uninstallation completed Press [Enter] to continue:

6 Press Enter.

Uninstall in the silent modeTo perform a silent uninstall, use the command line options provided to suppress interaction andprovide parameters for all options. Using the silent mode you can uninstall the software on theWindows, AIX, and Linux platforms.

On the Windows platformUse this task to remove the software from a Windows system using the silent mode.



> sadmin disable



4 Enter the following command.

%SYSTEMROOT%\system32\msiexec.exe /X{432DB9E4‑6388‑432F‑9ADB‑61E8782F4593} /qn

3 Uninstall the softwareUninstall in the silent mode


On the Linux platformUse this task to remove the software from a Linux system using the silent mode.



# sadmin disable



By default, the software is installed in the /usr/local/mcafee/solidcore directory.


# ./uninstall

On the AIX platformUse this task to remove the software from an AIX system using the silent mode.



# sadmin disable




# ./uninstall ‑‑ mode unattended

Uninstall the softwareUninstall in the silent mode 3


3 Uninstall the softwareUninstall in the silent mode


A FAQs

Here are answers to frequently asked questions.

Can the same Solidcore client be used for Change Control and Application Control?

The license key determines the features available for use; any or all features can be used at atime. At any time, you can add and enable a new stock‑keeping unit (SKU) on an endpoint onwhich the Solidcore client is enabled. For example, if you are currently using Change Control andwish to add and use Application Control, complete these steps.• Disable the Solidcore client on the endpoint.

• Enter the license.

• Enable the Solidcore client on the endpoint.

Can the Solidcore client be deployed on a Virtual Machine?

The Solidcore client works on a Virtual Machine if the operating system installed on the VirtualMachine is supported by the Solidcore client. For a list of the supported platforms, see KB76459.

I installed the software in standalone mode (without specifying the license key duringinstallation). Can I now use McAfee ePO to manage the endpoint?

Yes. For detailed information, refer to the KB69408 (for Windows) or KB74077 (for Linux or AIX)article.

How can I manually remove the Solidcore client in case of an unclean uninstallation on aWindows system?

Perform the following the steps to clean the Windows system:


> sadmin disable


2 Disable McAfee VSE Access Protection, if installed.


4 Execute the following commands:

sc stop scsrvc

sc delete scsrvc

sc delete swin

5 If the system is managed by McAfee ePO perform the following steps.

a Open the Registry Editor.

b Delete the HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\ApplicationPlugins\SOLIDCOR5000_WIN key





6 Open Windows Explorer.

7 Delete the following components:

• <system drive>:\WINDOWS\system32\drivers\swin.sys or <system drive>:\WINDOWS\system32\drivers\swin1.sys file

• All files in the <system drive>:\Solidcore directory

• <system drive>:\Program Files\McAfee\Solidcore directory

• <system drive>:\Documents and Settings\All Users\Start Menu\Programs\McAfee\Solidifier directory

8 Delete the {432DB9E4‑6388‑432F‑9ADB‑61E8782F4593} registry key

For detailed information, refer to the 314481 article

9 If the software is listed in the Add or Remove Programs list, navigate to HKEY_CLASSES_ROOT\Installer\Products key and delete the entry corresponding for the software

How can I manually remove the Solidcore client in case of an unclean uninstallation on aLinux system?

Run the following commands to clean the Linux system.

# /etc/init.d/scsrvc stop # chkconfig ‑‑del /etc/init.d/scsrvc # rm ‑f /etc/init.d/scsrvc # rpm ‑e solidcoreS3 ‑‑noscripts # rpm ‑e solidcoreS3‑kmod ‑‑noscripts # rm ‑rf /opt/bitrock/solidcoreS3‑* # rm ‑rf /etc/mcafee # rm ‑rf /var/log/mcafee # rm ‑rf <install‑dir>/mcafee/ # rm ‑f /usr/sbin/sadmin

When trying to install the software on the Windows platform using a non‑administrativeuser account, I receive an error message?

When you try to install the software by using a non‑administrative user or standard user accountunder Administrators group, the following error message displays:Unable to save file C:\windows\Downloaded Installations\{D4BAC82D‑A01B‑47AC‑AFC9‑581EEBDD0F45}.

To successfully install the software, install using an account with administrative privileges.Alternatively, if the user is normal or standard user account under the Administrators group,right‑click on the installer file in Windows Explorer and select Run as Administrator.

I have upgraded the kernel on my Linux system. What do I need to do now to ensure theChange Control or Application Control software works on my system?

Starting with the 6.1.0 release, we have changed the installation workflow for the Linuxoperating system. In pre‑6.1.0 releases, product deployment support was limited due torequirement of pre‑compiled kernel modules specific to the underlying kernels. We have now:• Provided pre‑compiled binary files for a set of kernels and direct installation will occur

(without compilation) on these set of kernels. To review a list of the supported kernels, seeKB76544.

• Included capability to compile kernel modules for targets. If a pre‑compiled binary file isunavailable for a kernel, installation is supported through compilation. For compilation tooccur successfully, a build environment is required on the endpoint. For detailed informationon the build and packaging tools needed on the system, see the Review prerequisites section.

A FAQs


http://support.microsoft.com/kb/314481


After you boot with the new kernel on the Linux operating system, the software service (scsrvc)performs the needed checks and upgrades the software, if required. After you upgrade thekernel, review the build.log file stored in the /usr/local/mcafee/solidcore/dks directory toanalyze if compilation was successful for the kernel.

FAQs A


A FAQs


Index

Aabout this guide 5

Cconventions and icons used in this guide 5

Ddocumentation

audience for this guide 5product-specific, finding 6typographical conventions and icons 5

Ffrequently asked questions 33

MMcAfee ServicePortal, accessing 6

SServicePortal, finding product documentation 6

TTechnical Support, finding product information 6


00