Allowlisting

Allowlisting design considerations:

  • Power Operation Servers, Client Access, View-only Clients, and Advanced Reporting have been validated using McAfee Application Control.
  • McAfee Allowlisting product documentation can be found on the McAfee website.

Application allowlisting

Zero-day cybersecurity attacks take place before a software vendor is aware of the exploit. This means that neither software fixes nor anti-virus programs have been created or updated to protect against the zero-day threat or attack.

Application allowlisting is recommended to protect against zero-day attacks. It proactively blocks unauthorized files on the PO Server that are not part of the allowlist, such as executable files, Java apps, ActiveX controls, and scripts.

Power Operation has been validated with the McAfee Application Control allowlisting application.

NOTE: Allow the install to add a desktop shortcut; you need it for all interactions with Application Control. Also, before you run Application Control, make sure that you have installed all other software that you want on the computer.

Using Application Control

Right-click the desktop icon and select the Run As Administrator option.

First, you need to create and confirm the allowlist. To do this:

  1. Invoke the sadmin command line as an administrator and type the command sadmin solidify.
  2. This process can take some time to complete. When it is complete, you see a line telling you total files scanned and the number that are "solidified."

  3. Verify the allowlist with the command sadmin status.
  4. Verify that the allowlist status of drives or volumes is solidified.

  5. When this is complete, you need to enable the enforcement of the allowlist: type the command sadmin enable.
  6. Add updaters: Updaters are components for which you provide permission to update the system. Any program or script that will be able to update the system must be configured as an updater. To add an updater, enter on the command line:

    sadmin updaters add <xxx>

    where xxx is the name of the component.

    For a complete discussion of updaters, see "Using Updaters" in the McAfee Product Guide (on the Power Operation installation disk, see McAfee Embedded Control > Documents > Product-Guide-v6.2.0).
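
Steps 3 to 5 above call for confirming that every volume is solidified before enforcement is enabled. The following PowerShell is an added example (not McAfee or Power Operation code) that gates sadmin enable on that check. The function names are hypothetical, and the sadmin status row layout in the sample is constructed and must be compared with the output of your installed version.

```powershell
# Added example, not vendor code. The status text below is CONSTRUCTED sample data;
# compare it with what "sadmin status" prints on your version and adjust the pattern.
$sampleStatus = @'
McAfee Solidifier:                Disabled
McAfee Solidifier on reboot:      Disabled

  [fstype]      [status]        [driver status]       [volume]
* NTFS          Solidified      Unattached            C:\
  NTFS          Unsolidified    Unattached            D:\
'@

function Get-VolumeAllowlistState {
    param([Parameter(Mandatory)][string]$StatusText)
    # Assumed row shape: optional '*', filesystem, status, driver status, volume path.
    $row = '^\s*\*?\s*(?<fs>\S+)\s+(?<status>\S+)\s+(?<driver>\S+)\s+(?<volume>[A-Za-z]:\\.*?)\s*$'
    foreach ($line in $StatusText -split "`r?`n") {
        if ($line -match $row) {
            [pscustomobject]@{
                Volume     = $Matches.volume
                Status     = $Matches.status
                Solidified = ($Matches.status -eq 'Solidified')
            }
        }
    }
}

function Test-ReadyToEnable {
    param([Parameter(Mandatory)][string]$StatusText)
    $volumes = @(Get-VolumeAllowlistState -StatusText $StatusText)
    $pending = @($volumes | Where-Object { -not $_.Solidified })
    # No parsed rows means the pattern did not match: treat as "not ready", never as success.
    [pscustomobject]@{
        Ready   = ($volumes.Count -gt 0 -and $pending.Count -eq 0)
        Pending = $pending.Volume
    }
}

# Offline run against the constructed sample.
$check = Test-ReadyToEnable -StatusText $sampleStatus
"Ready to enable: $($check.Ready); not solidified: $($check.Pending -join ', ')"

# On a real server (elevated prompt), feed the live output instead:
#   $check = Test-ReadyToEnable -StatusText ((& sadmin status) -join "`n")
#   if ($check.Ready) { & sadmin enable } else { Write-Warning "Run 'sadmin solidify' first" }
```

Treating an unparsed status as "not ready" keeps a format mismatch from silently enabling enforcement on a volume that was never scanned.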

When running in Enabled mode, Application Control can prevent a legitimate application from executing if the required rules are not defined. Application Control tracks all unsuccessful attempts made by authorized applications to modify protected files or run other executable files.

Review information for unsuccessful attempts

Do this to identify updater rules and allow legitimate applications to run successfully.

  1. Enter the command sadmin diag.
  2. To add the suggested updaters to the authorized list, use the command sadmin diag fix.

When you deploy Application Control, it scans the system and creates an allowlist of all executable binaries and scripts present on the system. The allowlist also includes hidden files and folders.

The allowlist lists all authorized files and determines trusted or known files. In Enabled mode, only files that are present in the allowlist can execute. All files in the allowlist are protected; you cannot change or delete them. An executable binary or script that is not in the allowlist is said to be "unauthorized," and it is prevented from running.

You can also use Application Control to help write-protect files, directories, drives or registry entries. Additionally, you can use it to read-protect files, directories, or drives. For more information about these applications, see the Product Guide.