McAfee Application Control 6.2.0 Command Line Interface Guide

advertisement
Command Line Interface Guide
McAfee Application Control 6.2.0
COPYRIGHT
Copyright © 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com
TRADEMARK ATTRIBUTIONS
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active
Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,
McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee
Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.
Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
2
McAfee Application Control 6.2.0
Command Line Interface Guide
Contents
1
Application Control Command Line Interface reference
2
Argument details
McAfee Application Control 6.2.0
5
19
Command Line Interface Guide
3
Contents
4
McAfee Application Control 6.2.0
Command Line Interface Guide
1
Application Control Command Line
Interface reference
This section details all commands that are available for Application Control when using the command
line interface (CLI).
In the OS column, these abbreviations indicate the supported operating systems.
•
L — Linux
•
W — Windows
In the Mode column, these abbreviations indicate the supported mode for the command.
•
D — Disabled mode
•
E — Enabled mode
•
U — Update mode
Table 1-1
Command details
Command Description
attr
Modifies or lists the
Application Control
configuration attributes list.
Syntax
OS
Mode
sadmin attr add -a filename1 ...
filenameN
L
E, D, U
sadmin attr add -p filename1 ...
filenameN
sadmin attr add -u filename1 ...
filenameN
sadmin attr add -o parent=
filename2 -p filename1
sadmin attr remove -a
filename1 ... filenameN
sadmin attr remove -p
filename1 ... filenameN
sadmin attr remove -u
filename1 ... filenameN
sadmin attr list -a filename1 ...
filenameN
sadmin attr list -p filename1 ...
filenameN
sadmin attr list -u filename1 ...
filenameN
sadmin attr flush -a
McAfee Application Control 6.2.0
Command Line Interface Guide
5
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
Mode
sadmin attr flush -p
sadmin attr flush -u
sadmin attr add -a filename1 ...
filenameN
W (32-bit) E, D, U
sadmin attr add -b filename1 ...
filenameN
sadmin attr add -c filename1 ...
filenameN
sadmin attr add -d filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr add -e filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr add -f filename1 ...
filenameN
sadmin attr add -h filename1 ...
filenameN
sadmin attr add -o parent=
filename2 -i filename1
sadmin attr add -j filename1 ...
filenameN
sadmin attr add -l filename1 ...
filenameN
sadmin attr add -p filename1 ...
filenameN
sadmin attr add -r filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr add -u filename1 ...
filenameN
sadmin attr add -v filename1 ...
filenameN (Windows Vista and later)
sadmin attr add -o parent=
filename2 -p filename1
sadmin attr add -o module=
modulename -v filename1 (Windows
Vista and later)
sadmin attr remove -a
filename1 ... filenameN
sadmin attr remove -b
filename1 ... filenameN
sadmin attr remove -c
filename1 ... filenameN
6
McAfee Application Control 6.2.0
Command Line Interface Guide
Application Control Command Line Interface reference
Table 1-1
1
Command details (continued)
Command Description
Syntax
OS
Mode
sadmin attr remove -d
filename1 ... filenameN (Windows
XP and Windows Server 2003 only)
sadmin attr remove -e
filename1 ... filenameN (Windows
XP and Windows Server 2003 only)
sadmin attr remove -f
filename1 ... filenameN
sadmin attr remove -h
filename1 ... filenameN
sadmin attr remove -i
filename1 ... filenameN
sadmin attr remove -j
filename1 ... filenameN
sadmin attr remove -l
filename1 ... filenameN
sadmin attr remove -p
filename1 ... filenameN
sadmin attr remove -r
filename1 ... filenameN (Windows
XP and Windows Server 2003 only)
sadmin attr remove -u
filename1 ... filenameN
sadmin attr remove -v
filename1 ... filenameN (Windows
Vista and later)
sadmin attr list -a filename1 ...
filenameN
sadmin attr list -b filename1 ...
filenameN
sadmin attr list -c filename1 ...
filenameN
sadmin attr list -d filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr list -e filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr list -f filename1 ...
filenameN
sadmin attr list -h filename1 ...
filenameN
sadmin attr list -i filename1 ...
filenameN
McAfee Application Control 6.2.0
Command Line Interface Guide
7
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
Mode
sadmin attr list -j filename1 ...
filenameN
sadmin attr list -l filename1 ...
filenameN
sadmin attr list -p filename1 ...
filenameN
sadmin attr list -r filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr list -u filename1 ...
filenameN
sadmin attr list -v filename1 ...
filenameN (Windows Vista and later)
sadmin attr flush -a
sadmin attr flush -b
sadmin attr flush -c
sadmin attr flush -d (Windows XP
and Windows Server 2003 only)
sadmin attr flush -e (Windows XP
and Windows Server 2003 only)
sadmin attr flush -f
sadmin attr flush -h
sadmin attr flush -i
sadmin attr flush -j
sadmin attr flush -l
sadmin attr flush -p
sadmin attr flush -r (Windows XP
and Windows Server 2003 only)
sadmin attr flush -u
sadmin attr flush -v (Windows
Vista and later)
sadmin attr add -a filename1 ...
filenameN
W (64-bit) E, D, U
sadmin attr add -e filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr add -h filename1 ...
filenameN
8
McAfee Application Control 6.2.0
Command Line Interface Guide
Application Control Command Line Interface reference
Table 1-1
1
Command details (continued)
Command Description
Syntax
OS
Mode
sadmin attr add -o parent=
filename2 -i filename1
sadmin attr add -j filename1 ...
filenameN
sadmin attr add -n filename1 ...
filenameN
sadmin attr add -n -y filename1
(Not available on Windows Server
2012)
sadmin attr add -p filename1 ...
filenameN
sadmin attr add -r filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr add -u filename1 ...
filenameN
sadmin attr add -v filename1 ...
filenameN (Windows Vista and later)
sadmin attr add -o parent=
filename2 -p filename1
sadmin attr add -o module=
modulename -v filename1 (Windows
Vista and later)
sadmin attr remove -a
filename1 ... filenameN
sadmin attr remove -e
filename1 ... filenameN (Windows
XP and Windows Server 2003 only)
sadmin attr remove -h
filename1 ... filenameN
sadmin attr remove -i
filename1 ... filenameN
sadmin attr remove -j
filename1 ... filenameN
sadmin attr remove -n
filename1 ... filenameN
sadmin attr remove -p
filename1 ... filenameN
sadmin attr remove -r
filename1 ... filenameN (Windows
XP and Windows Server 2003 only)
sadmin attr remove -u
filename1 ... filenameN
McAfee Application Control 6.2.0
Command Line Interface Guide
9
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
Mode
sadmin attr remove -v
filename1 ... filenameN (Windows
Vista and later)
sadmin attr list -a filename1 ...
filenameN
sadmin attr list -e filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr list -h filename1 ...
filenameN
sadmin attr list -i filename1 ...
filenameN
sadmin attr list -j filename1 ...
filenameN
sadmin attr list -n filename1 ...
filenameN
sadmin attr list -p filename1 ...
filenameN
sadmin attr list -r filename1 ...
filenameN (Windows XP and Windows
Server 2003 only)
sadmin attr list -u filename1 ...
filenameN
sadmin attr list -v filename1 ...
filenameN (Windows Vista and later)
sadmin attr flush -a
sadmin attr flush -e (Windows XP
and Windows Server 2003 only)
sadmin attr flush -h
sadmin attr flush -i
sadmin attr flush -j
sadmin attr flush -n
sadmin attr flush -p
sadmin attr flush -r (Windows XP
and Windows Server 2003 only)
sadmin attr flush -u
sadmin attr flush -v (On Windows
Vista and later)
For more information about this command, see Configure memory-protection techniques
and Maintain your systems in McAfee Application Control 6.2.0 Product Guide for
standalone mode.
10
McAfee Application Control 6.2.0
Command Line Interface Guide
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
auth
Authorizes an application
(executable, installer, or
batch file) as a whitelist, or
unauthorizes an application
by adding to the blacklist.
The application might be
locally installed, invoked, or
installed or invoked from a
shared drive.
Syntax
OS
Mode
sadmin auth -a -c checksum
W
E, D, U
sadmin auth -a [ -t rule id ] -c
checksum
sadmin auth -a [ -t rule id ]
[ -u ] -c checksum
sadmin auth -b -c checksum
sadmin auth -b [ -t rule id] -c
checksum
sadmin auth -r checksum
sadmin auth -l
sadmin auth -f
For more information about this command, see Override Application Control protection in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
begin-upd Initiates the Update mode
ate (bu) to help perform software
updates and installations.
sadmin begin-update [ workflow-id L, W
[ comment ]]
E, D
sadmin bu [ workflow-id
[ comment ]]
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
cert
Manages certificates for
digitally signed files. You
can add, remove, or list the
certificates in the
Application Control
certificate store, which is a
directory within the install
directory <instlall_dir>/
Certificates.
sadmin cert add certificate_name
W
E, D, U
sadmin cert add -u
certificate_name
sadmin cert add -c
certificate_content
sadmin cert remove SHA1
sadmin cert remove -c
certificate_content
sadmin cert list
sadmin cert list -d
sadmin cert list -u
sadmin cert list [ -d | -u ]
sadmin cert flush
For more information about this command, see Override Application Control protection in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
check
Validates and fixes the
attributes of the specified
file or files against the file
inventory.
McAfee Application Control 6.2.0
L, W
sadmin check [ -r ]
E, D, U
sadmin check [ -r ] filename1 ...
filenameN
Command Line Interface Guide
11
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
Mode
sadmin check [ -r ]
directoryname1 ... directorynameN
sadmin check [ -r ]
volumename1 ... volumenameN
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
config
Allows you to:
sadmin config export filename
L, W
E, D, U
• Export current
sadmin config import [ -a ]
configuration settings to a
filename
file.
• Import configuration
settings from a file to an
existing installation.
sadmin config set name=value
sadmin config show
For more information about this command, see Configure advanced features in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
diag
Runs diagnostics and offers
suggestions on programs
and applications to
authorize (to perform
updates).
sadmin diag
W
E, U
sadmin diag fix [ -f ]
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
disable
Activates the Disabled
sadmin disable
mode. Restart the system
to make sure that the
command is applied. On the
Linux platform, if
Application Control is in the
Enabled mode, system
restart is not required to
apply this command.
However, to uninstall the
product, system restart is
required.
L, W
E, U
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
enable
Activates the Enabled mode. sadmin enable
Restart the system to make
sure that the command is
applied. Alternatively,
restart the Application
Control service to apply this
command. However, the
memory-protection feature
will be available only after
system restart.
L, W
D
For more information about this command, see How do I deploy Application Control in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
12
McAfee Application Control 6.2.0
Command Line Interface Guide
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
end-updat Ends the Update mode and sadmin end-update
e (eu)
activates the Enabled mode.
sadmin eu
OS
Mode
L, W
U
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
event
Configures the log targets
(sinks) for generated
events.
L, W
sadmin event sink
E, D, U
sadmin event sink eventname
sadmin event sink -a { eventname
| ALL } { sinkname | ALL }
sadmin event sink -r { eventname
| ALL } { sinkname | ALL }
For more information about this command, see Configure advanced features in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
features
Enables, disables, or lists
the features on an existing
installation.
L, W
sadmin features [-d]
E, D, U
sadmin features enable
featurename
sadmin features disable
featurename
sadmin features list
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
help
Provides information about
basic commands.
L, W
sadmin help
E, D, U
sadmin help [ command ]
For more information about this command, see Getting started in McAfee Application
Control 6.2.0 Product Guide for standalone mode.
help-adva Provides information about
nced
advance commands.
L, W
sadmin help-advanced
E, D, U
sadmin help-advanced [ command ]
For more information about this command, see Getting started in McAfee Application
Control 6.2.0 Product Guide for standalone mode.
license
Adds or displays licensing
information.
sadmin license add licensekey
L, W
D
sadmin license list
For more information about this command, see How do I deploy Application Control in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
list-soli Lists the whitelisted files,
dified
directories, and volumes.
(ls)
sadmin list-solidified [ -l ]
L, W
E, D, U
sadmin ls [ -l ]
sadmin list-solidified [ -l ]
filename1 ... filenameN
sadmin ls [ -l ] filename1 ...
filenameN
McAfee Application Control 6.2.0
Command Line Interface Guide
13
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
Mode
sadmin list-solidified [ -l ]
directoryname1 ... directorynameN
sadmin ls [ -l ]
directoryname1 ... directorynameN
sadmin list-solidified [ -l ]
volumename1 ... volumenameN
sadmin ls [ -l ] volumename1 ...
volumenameN
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
list-unso Lists the files, directories,
lidified and volumes that are not
(lu)
whitelisted.
sadmin list-unsolidified
L, W
E, D, U
sadmin lu
sadmin list-unsolidified
filename1 ... filenameN
sadmin lu filename1 ... filenameN
sadmin list-unsolidified
directoryname1 ... directorynameN
sadmin lu directoryname1 ...
directorynameN
sadmin list-unsolidified
volumename1 ... volumenameN
sadmin lu volumename1 ...
volumenameN
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
lockdown
Disables the local command sadmin lockdown
line interface. After
lockdown, you can only
issue the help,
help‑advanced, status,
version, and recover
commands.
L, W
E, D, U
passwd
Sets a password for the
command line interface.
L, W
E, D, U
If the password is set, you
must verify the password
before executing critical
commands.
sadmin passwd
sadmin passwd -d
Using sadmin passwd -d
command removes the
password.
For more information about this command, see Configure advanced features in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
14
McAfee Application Control 6.2.0
Command Line Interface Guide
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
Mode
read-prot Displays or modifies the
ect (rp) read-protection rules. You
must specify complete file
or directory names with this
command.
For more information about
rp command, see Protect
the file system components
chapter in the McAfee
Application Control Product
Guide for standalone 6.2.0.
sadmin read-protect -i
pathname1 ... pathnameN
L, W
E, D, U
sadmin read-protect -e
pathname1 ... pathnameN
sadmin read-protect -r
pathname1 ... pathnameN
sadmin read-protect -l
sadmin read-protect -f
For more information about this command, see Protect the file system components in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
recover
Recovers the local
command line interface.
sadmin recover
L, W
E, D, U
L, W
E, D, U
sadmin recover -f
solidify
(so)
Adds specified files in a
directory or system volume
to the whitelist.
sadmin solidify [ -q | -v ]
sadmin solidify [ -q | -v ]
filename1 ... filenameN
sadmin solidify [ -q | -v ]
directoryname1 ... directorynameN
sadmin solidify [ -q | -v ]
volumename1 ... volumenameN
For more information about this command, see How do I deploy Application Control in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
status
Displays the status of
sadmin status
Application Control. You can
view the operational mode, sadmin status volumename
operational mode on system
restart, connectivity with
McAfee ePolicy
Orchestrator (McAfee
ePO ) , access status, and
whitelist status of the local
CLI.
L, W
E, D, U
®
®
™
For more information about this command, see How do I deploy Application Control in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
trusted
Identifies a local or remote
share as a trusted volume
or directory. You can
include, exclude, remove,
list, or flush the trusted
volumes or directories.
sadmin trusted -i pathname1 ...
pathnameN
L
E, D, U
sadmin trusted -e pathname1 ...
pathnameN
sadmin trusted -r pathname1 ...
pathnameN
sadmin trusted -l
sadmin trusted -f
McAfee Application Control 6.2.0
Command Line Interface Guide
15
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
W
sadmin trusted -i
volumesetname1 ... volumesetnameN
Mode
E, D, U
sadmin trusted -i pathname1 ...
pathnameN
sadmin trusted -e
volumesetname1 ... volumesetnameN
sadmin trusted -e pathname1 ...
pathnameN
sadmin trusted -r
volumesetname1 ... volumesetnameN
sadmin trusted -r pathname1 ...
pathnameN
sadmin trusted -l
sadmin trusted -f
sadmin trusted -u <network path>
For more information about this command, see Override Application Control protection in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
unsolidif Removes specified
y (unso) whitelisted files from the
whitelist.
sadmin unsolidify [ -v ]
L, W
E, D, U
sadmin unsolidify [ -v ]
filename1 ... filenameN
sadmin unsolidify [ -v ]
directoryname1 ... directorynameN
sadmin unsolidify [ -v ]
volumename1 ... volumenameN
For more information about this command, see Maintain your systems in McAfee
Application Control 6.2.0 Product Guide for standalone mode.
updaters
Adds, deletes, lists, or
flushes programs from the
list of authorized updaters.
sadmin updaters add [ -d ]
{ binaryname }
L
sadmin updaters add [ -n ]
{ binaryname }
sadmin updaters add [ -p
parent-programname ]
{ binaryname }
sadmin updaters add [ -t
rule-id ] { binaryname }
sadmin updaters add [ -d ] [ -n ]
[ -t rule-id ] [ -p
parent-programname ]
{ binaryname }
sadmin updaters remove
{ binaryname }
16
McAfee Application Control 6.2.0
Command Line Interface Guide
E, D, U
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
Mode
W
E, D, U
sadmin updaters remove [ -p
parent-programname ]
{ binaryname }
sadmin updaters list
sadmin updaters flush
sadmin updaters add [ -d ]
{ binaryname }
sadmin updaters add [ -l
libraryname ] { binaryname }
sadmin updaters add [ -n ]
{ binaryname }
sadmin updaters add [ -p
parent-binaryname ]
{ binaryname }
sadmin updaters add [ -t
rule-id ] { binaryname }
sadmin updaters add [ -d ] [ -n ]
[ -t rule-id ] [ -l libraryname ]
{ binaryname }
sadmin updaters add [ -d ] [ -n ]
[ -t rule-id ] [ -p
parent-binaryname ]
{ binaryname }
sadmin updaters add [ -t
rule-id ] -u username
sadmin updaters remove
{ binaryname }
sadmin updaters remove [ -l
libraryname ] { binaryname }
sadmin updaters remove [ -p
parent-binaryname ]
{ binaryname }
sadmin updaters remove -u
username
sadmin updaters list
sadmin updaters flush
For more information about this command, see Override Application Control protection in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
version
Displays the version of the
installed Application Control
sadmin version
L, W
E, D, U
For more information about this command, see How do I deploy Application Control in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
McAfee Application Control 6.2.0
Command Line Interface Guide
17
1
Application Control Command Line Interface reference
Table 1-1
Command details (continued)
Command Description
Syntax
OS
Mode
write-pro Write-protects specified files
tect (wp) including the whitelisted
files. You must specify
complete file or directory
names with this command.
sadmin write-protect -i
pathname1 ... pathnameN
L, W
E, D, U
sadmin write-protect -e
pathname1 ... pathnameN
sadmin write-protect -r
pathname1 ... pathnameN
sadmin write-protect -l
sadmin write-protect -f
For more information about this command, see Protect the file system components in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
write-pro Write-protects specified
tect-reg registry keys including the
(wpr)
whitelisted registry keys.
sadmin write-protect-reg -i
registrykeyname1 ...
registrykeynameN
W
E, D, U
sadmin write-protect-reg -e
registrykeyname1 ...
registrykeynameN
sadmin write-protect-reg -r
registrykeyname1 ...
registrykeynameN
sadmin write-protect-reg -l
sadmin
write-protect-r
eg -f
For more information about this command, see Protect the file system components in
McAfee Application Control 6.2.0 Product Guide for standalone mode.
18
McAfee Application Control 6.2.0
Command Line Interface Guide
2
Argument details
This table lists the commands with the supported arguments and their description. In the Argument
column, the supported arguments for the commands are listed in alphabetical order.
You can use -z argument to prevent the system from prompting for the password. This argument can
be used in all CLI commands to provide the CLI password (so that the system does not prompt for
password). For example, if the CLI password is set and you issue the sadmin wp -i abc.txt
command, the system immediately prompts you for the password. Using the -z argument, you can
issue the sadmin wp -z <password> -i abc.txt command to provide the password with the issued
command.
Table 2-1
Argument details
Command
Argument
Description
attr
-a
Always authorizes by file name. This is a deprecated
technique. For more information, contact McAfee Support.
-b
Configures the bypass, restore, list, and flush rules for a
component protected using the Mangling technique. This is
a deprecated technique. For more information, contact
McAfee Support.
-c
Configures the bypass, restore, list, and flush rules for a
component protected using the Critical Address Space
Protection technique.
-d
Configures the bypass, restore, list, and flush rules for a
component protected using the mp-vasr-randomization
technique.
-e
Configures the add, remove, list, and flush rules for a
component protected using the mp-vasr-rebasing
technique.
-f
Bypasses from full crawl attribute. This is a deprecated
technique. For more information, contact McAfee Support.
-h
Adds a binary to MP Compat protection.
-i
Configures the bypass, restore, list, and flush rules for a
binary using the Package Control feature.
-j
Bypasses a binary from MP Compat protection.
-l
Configures the bypass, restore, list, and flush rules for a
component using the Anti-Debugging technique. This is a
deprecated technique. For more information, contact
McAfee Support.
-n
Configures the bypass, restore, list, and flush rules for a
component using the mp-nx technique.
-y
Includes child processes for a component to be bypassed
using the mp-nx technique. This argument can only be
specified with the -n argument.
McAfee Application Control 6.2.0
Command Line Interface Guide
19
2
Argument details
Table 2-1
Argument details (continued)
Command
auth
begin-update (bu)
Argument
Description
-o
Indicates to specify the DLL module name for a specified
process. This argument can be used with -p, -v, and -i
arguments. On the Linux platform, use this argument to
specify the parent program for the -p attribute.
-p
Bypasses from process context file operations attribute.
-r
Configures the bypass, restore, list, and flush tasks for a
component using the mp-vasr-relocation technique.
-u
Always unauthorizes by file name. This is a deprecated
technique. For more information, contact McAfee Support.
-v
Bypasses from Forced DLL relocation attribute.
-a
Authorizes a binary using the checksum value.
-b
Bans a binary using the checksum value.
-c
Specifies the checksum value.
-f
Flushes all authorized or banned binaries.
-l
Lists all authorized and banned binaries.
-r
Removes the authorized or banned binaries.
-t
Includes the associated tag name for a binary to be
banned.
-u
Authorizes a binary and also provides updater privileges
when used with the -a and -c arguments.
workflow-id Indicates to specify an ID while switching to the Update
mode. This ID can be used for tracking purposes in a
change management for ticketing system.
comment
Indicates to use a descriptive text for the workflow ID.
-c
Specifies the certificate content as trusted.
-d
Lists all details of the issuer and subject of the certificates
added to the system.
-u
Provides updater privileges to a certificate that is added as
a trusted certificate or list the trusted certificates with
updater privileges.
check
-r
Fixes any inconsistencies that are encountered.
config
-a
Appends the configuration values.
diag
-f
Applies the diagnosed configuration changes for the
restricted programs, such as winlogon.exe and svchost
.exe.
disable
NA
NA
enable
NA
NA
end-update (eu)
NA
NA
event
-a
Adds sinks to the specified event.
-r
Removes sinks from the specified event.
-d
Lists all features (including the hidden features).
cert
features
For more information, contact McAfee Support.
help
20
McAfee Application Control 6.2.0
NA
NA
Command Line Interface Guide
2
Argument details
Table 2-1
Argument details (continued)
Command
Argument
Description
help-advanced
NA
NA
license
NA
NA
list-solidified (ls)
-l
Lists details of the whitelisted files.
list-unsolidified (lu) NA
NA
lockdown
NA
NA
passwd
-d
Removes the password for using Application Control.
read-protect (rp)
-e
Excludes specific components from a read-protected
directory, or volume.
-f
Flushes all components from read protection.
-i
Includes files, directories, or volumes for read protection.
-l
Lists the read-protected components.
-r
Removes read‑protection applied to files, directories, or
volumes.
recover
-f
Forcefully aborts the McAfee ePO command and recover
the local CLI.
solidify (so)
-q
Suppresses all output except for errors.
-v
Displays all the processed components.
status
NA
NA
trusted
-e
Excludes one or more specified paths to the directories or
volumes from a list of trusted directories or volumes.
-f
Removes all directories and volumes from the trusted rule.
-i
Adds one or more specified paths to the directories or
volumes as trusted directories or volumes.
-l
Lists all trusted directories and volumes.
-r
Removes the specified directories or volumes from the
trusted rule.
-u
Provides updater privileges to all binaries and scripts in the
trusted directories or volumes.
unsolidify (unso)
-v
Displays all the processed components.
updaters
-d
Excludes the child processes of a binary file to be added as
an updater from inheriting the updater privileges.
-l
Includes the library name for an execution file to be added
as an updater (for Windows).
-n
Disables event logging for a file to be added as an updater.
-p
Adds a file as an updater only when it is started by
specified parent process.
-t
Performs these operations:
• Includes the tags for a file to be added as an updater.
• Adds a user with a tag name as an updater.
version
McAfee Application Control 6.2.0
-u
Adds a user as an updater (for Windows).
NA
NA
Command Line Interface Guide
21
2
Argument details
Table 2-1
Argument details (continued)
Command
Argument
Description
write-protect (wp)
-e
Excludes specific components from a write-protected
directory or volume.
-f
Flushes all components from write protection.
-i
Write-protects files, directories, or volumes.
-l
Lists the write-protected components.
-r
Removes write protection applied to files, directories, or
volumes.
-e
Excludes one or more registry keys from write protection.
-f
Flushes all registry keys from write protection. Flushing
the registry keys from write protection removes all
write‑protection rules applied to the registry keys.
-i
Write‑protects registry keys.
-l
Lists all write-protected registry keys.
-r
Removes write protection from one or more registry keys.
write-protect-reg
(wpr)
22
McAfee Application Control 6.2.0
Command Line Interface Guide
00
Download