Command overview

Here are all commands available for Application Control when using the command line interface (CLI).

In the OS column, these abbreviations indicate the supported operating systems.

  • L — Linux
  • W — Windows

In the Mode column, these abbreviations indicate the supported mode for the command.

  • E — Enabled mode
  • D — Disabled mode
  • U — Update mode
Table 1: Command details
Command Description Syntax OS Mode
attr Changes or lists the Application Control configuration attributes list. sadmin attr add -a filename1 ... filenameN L E, D, U
sadmin attr add -p filename1 ... filenameN
sadmin attr add -u filename1 ... filenameN
sadmin attr add -o parent= filename2 -p filename1
sadmin attr remove -a filename1 ... filenameN
sadmin attr remove -p filename1 ... filenameN
sadmin attr remove -u filename1 ... filenameN
sadmin attr list -a filename1 ... filenameN
sadmin attr list -p filename1 ... filenameN
sadmin attr list -u filename1 ... filenameN
sadmin attr flush -a
sadmin attr flush -p
sadmin attr flush -u
sadmin attr add -a filename1 ... filenameN W (32-bit) E, D, U
sadmin attr add -c filename1 ... filenameN
sadmin attr add -h filename1 ... filenameN
sadmin attr add -o parent= filename2 -i filename1
sadmin attr add -j filename1 ... filenameN
sadmin attr add -l filename1 ... filenameN
sadmin attr add -m filename1 ... filenameN
sadmin attr add -p filename1 ... filenameN
sadmin attr add -u filename1 ... filenameN
sadmin attr add -v filename1 ... filenameN (Windows 7 and later)
sadmin attr add -o parent= filename2 -p filename1
sadmin attr add -o module= modulename -v filename1 (Windows 7 and later)
sadmin attr remove -a filename1 ... filenameN
sadmin attr remove -c filename1 ... filenameN
sadmin attr remove -h filename1 ... filenameN
sadmin attr remove -i filename1 ... filenameN
sadmin attr remove -j filename1 ... filenameN
sadmin attr remove -l filename1 ... filenameN
sadmin attr remove -m filename1 ... filenameN
sadmin attr remove -p filename1 ... filenameN
sadmin attr remove -u filename1 ... filenameN
sadmin attr remove -v filename1 ... filenameN (Windows 7 and later)
sadmin attr list -a filename1 ... filenameN
sadmin attr list -c filename1 ... filenameN
sadmin attr list -h filename1 ... filenameN
sadmin attr list -i filename1 ... filenameN
sadmin attr list -j filename1 ... filenameN
sadmin attr list -l filename1 ... filenameN
sadmin attr list -m filename1 ... filenameN
sadmin attr list -p filename1 ... filenameN
sadmin attr list -u filename1 ... filenameN
sadmin attr list -v filename1 ... filenameN (Windows 7 and later)
sadmin attr flush -a
sadmin attr flush -c
sadmin attr flush -h
sadmin attr flush -i
sadmin attr flush -j
sadmin attr flush -l
sadmin attr flush -m
sadmin attr flush -p
sadmin attr flush -u
sadmin attr flush -v (Windows 7 and later)
sadmin attr add -a filename1 ... filenameN W (64-bit) E, D, U
sadmin attr add -c filename1 ... filenameN
sadmin attr add -h filename1 ... filenameN
sadmin attr add -o parent= filename2 -i filename1
sadmin attr add -j filename1 ... filenameN
sadmin attr add -m filename1 ... filenameN
sadmin attr add -n filename1 ... filenameN
sadmin attr add -n -y filename1 (Not available on Windows Server 2012)
sadmin attr add -p filename1 ... filenameN
sadmin attr add -u filename1 ... filenameN
sadmin attr add -v filename1 ... filenameN (Windows 7 and later)
sadmin attr add -o parent= filename2 -p filename1
sadmin attr add -o module= modulename -v filename1 (Windows 7 and later)
sadmin attr remove -a filename1 ... filenameN
sadmin attr remove -c filename1 ... filenameN
sadmin attr remove -h filename1 ... filenameN
sadmin attr remove -i filename1 ... filenameN
sadmin attr remove -j filename1 ... filenameN
sadmin attr remove -m filename1 ... filenameN
sadmin attr remove -n filename1 ... filenameN
sadmin attr remove -p filename1 ... filenameN
sadmin attr remove -u filename1 ... filenameN
sadmin attr remove -v filename1 ... filenameN (Windows 7 and later)
sadmin attr list -a filename1 ... filenameN
sadmin attr list -c filename1 ... filenameN
sadmin attr list -h filename1 ... filenameN
sadmin attr list -i filename1 ... filenameN
sadmin attr list -j filename1 ... filenameN
sadmin attr list -m filename1 ... filenameN
sadmin attr list -n filename1 ... filenameN
sadmin attr list -p filename1 ... filenameN
sadmin attr list -u filename1 ... filenameN
sadmin attr list -v filename1 ... filenameN (Windows 7 and later)
sadmin attr flush -a
sadmin attr flush -c
sadmin attr flush -h
sadmin attr flush -i
sadmin attr flush -j
sadmin attr flush -m
sadmin attr flush -n
sadmin attr flush -p
sadmin attr flush -u
sadmin attr flush -v (On Windows 7 and later)
auth Authorizes an application (executable, installer, or batch file) as a whitelist, or unauthorizes an application by adding to the blacklist. The application might be locally installed, invoked, or installed or invoked from a shared drive. sadmin auth -a -c checksum W E, D, U
sadmin auth -a [ -t rule id ] -c checksum
sadmin auth -a [ -t rule id ] [ -u ] -c checksum
sadmin auth -b -c checksum
sadmin auth -b [ -t rule id] -c checksum
sadmin auth -f
sadmin auth -l
sadmin auth -r checksum
begin-update (bu) Initiates the Update mode to help perform software updates and installations. sadmin begin-update [ workflow-id [ comment ]] L, W E, D
sadmin bu [ workflow-id [ comment ]]
cert Manages certificates for digitally signed files. You can add, remove, or list the certificates in the Application Control certificate store, which is a directory in the install directory <instlall_dir>/Certificates. sadmin cert add certificate_name W E, D, U
sadmin cert add -u certificate_name
sadmin cert add -c certificate_content
sadmin cert remove SHA-1
sadmin cert remove SHA-256
sadmin cert remove -c certificate_content
sadmin cert list
sadmin cert list -d
sadmin cert list -u
sadmin cert flush
check Validates and fixes the attributes of the specified file or files against the file inventory. sadmin check [ -r ] L, W E, D, U
sadmin check [ -r ] filename1 ... filenameN
sadmin check [ -r ] directoryname1 ... directorynameN
sadmin check [ -r ] volumename1 ... volumenameN
config Allows you to:
  • Export current configuration settings to a file.
  • Import configuration settings from a file to an existing installation.
sadmin config export filename L, W E, D, U
sadmin config import [ -a ] filename
sadmin config set name=value
sadmin config show
diag Runs diagnostics and offers suggestions on programs and applications to authorize (to perform updates). sadmin diag W E, U
sadmin diag fix [ -f ]
disable Activates the Disabled mode. Restart the system to make sure that the command is applied. On the Linux platform, if Application Control is in the Enabled mode, system restart is not required to apply this command. But, to uninstall the product, system restart is required. sadmin disable L, W E, U
enable Activates the Enabled mode. Restart the system to make sure that the command is applied. Or, restart the Application Control service to apply this command. But, the memory-protection feature will be available only after system restart. sadmin enable L, W D
end-update (eu) Ends the Update mode and activates the Enabled mode. sadmin end-update

sadmin eu

L, W U
event Configures the log targets (sinks) for generated events. sadmin event sink L, W E, D, U
sadmin event sink eventname sinkname
sadmin event sink -a { eventname | ALL } { sinkname | ALL }
sadmin event sink -r { eventname | ALL } { sinkname | ALL }
features Enables, disables, or lists the features on an existing installation. sadmin features enable featurename L, W E, D, U
sadmin features disable featurename
sadmin features list
help Provides information about basic commands. sadmin help L, W E, D, U
sadmin help [ command ]
help-advanced Provides information about advance commands. sadmin help-advanced L, W E, D, U
sadmin help-advanced [ command ]
license Adds or displays licensing information. sadmin license add licensekey L, W D
sadmin license list
list-solidified (ls) Lists the whitelisted files, directories, and volumes. sadmin list-solidified [ -l ]

sadmin ls [ -l ]

L, W E, D, U
sadmin list-solidified [ -l ] filename1 ... filenameN

sadmin ls [ -l ] filename1 ... filenameN

sadmin list-solidified [ -l ] directoryname1 ... directorynameN

sadmin ls [ -l ] directoryname1 ... directorynameN

sadmin list-solidified [ -l ] volumename1 ... volumenameN

sadmin ls [ -l ] volumename1 ... volumenameN

list-unsolidified (lu) Lists the files, directories, and volumes that are not whitelisted. sadmin list-unsolidified

sadmin lu

L, W E, D, U
sadmin list-unsolidified filename1 ... filenameN

sadmin lu filename1 ... filenameN

sadmin list-unsolidified directoryname1 ... directorynameN

sadmin lu directoryname1 ... directorynameN

sadmin list-unsolidified volumename1 ... volumenameN

sadmin lu volumename1 ... volumenameN

lockdown Disables the local command line interface. After lockdown, you can only issue the help, help‑advanced, status, version, and recover commands. sadmin lockdown L, W E, D, U
passwd Sets a password for the command line interface.

If the password is set, you must verify the password before executing critical commands.

Using sadmin passwd -d command removes the password.

sadmin passwd L, W E, D, U
sadmin passwd -d
read-protect (rp) Displays or changes the read protection rules. You must specify complete file or directory names with this command. sadmin read-protect -e pathname1 ... pathnameN L, W E, D, U
sadmin read-protect -i pathname1 ... pathnameN
sadmin read-protect -r pathname1 ... pathnameN
sadmin read-protect -f
sadmin read-protect -l
recover Recovers the local command line interface. sadmin recover L, W E, D, U

sadmin recover -f

ruleengine Specify rules on various attributes of a process whose execution is undetermined. This enables the user to allow, block, or monitor its execution. You can combine one or more unique attribute types in one rule using AND operator. sadmin ruleengine add allow processname command_line { matches | not matches } regex W E, D, U
sadmin ruleengine add allow processname { command_line | user | parent_process_name | path } { equals | not equals } string
sadmin ruleengine add block processname command_line { matches | not matches } regex
sadmin ruleengine add block processname { command_line | user | parent_process_name | path } { equals | not equals } string
sadmin ruleengine add monitor processname command_line { matches | not matches } regex
sadmin ruleengine add monitor processname { command_line | user | parent_process_name | path } { equals | not equals } string
sadmin ruleengine remove allow processname command_line { matches | not matches } regex
sadmin ruleengine remove allow processname { command_line | user | parent_process_name | path } { equals | not equals } string
sadmin ruleengine remove block processname command_line { matches | not matches } regex
sadmin ruleengine remove block processname { command_line | user | parent_process_name | path } { equals | not equals } string
sadmin ruleengine remove monitor processname command_line { matches | not matches } regex
sadmin ruleengine remove monitor processname { command_line | user | parent_process_name | path } { equals | not equals } string
sadmin ruleengine list
sadmin ruleengine flush
skiplist Bypasses a path component from a feature to remove the protection applied by that feature. You can also define skip rules to skip path components from the whitelist. Use caution and take advice from McAfee Support before applying skiplist rules because doing so can affect the core functionality of the product and might make your system vulnerable to security threats. For more information about skiplist rules, see Skip rules for path components chapter in McAfee Application Control 8.0.0 Product Guide for standalone mode. sadmin skiplist add -c pathname1 ... pathnameN W E, D, U
sadmin skiplist add -d pathname1 ... pathnameN
sadmin skiplist add -f pathname1 ... pathnameN
sadmin skiplist add -i pathname1 ... pathnameN
sadmin skiplist add -r pathname1 ... pathnameN
sadmin skiplist add -s pathname1 ... pathnameN
sadmin skiplist add -v pathname1 ... pathnameN
sadmin skiplist remove -c pathname1 ... pathnameN
sadmin skiplist remove -d pathname1 ... pathnameN
sadmin skiplist remove -f pathname1 ... pathnameN
sadmin skiplist remove -i pathname1 ... pathnameN
sadmin skiplist remove -r pathname1 ... pathnameN
sadmin skiplist remove -s pathname1 ... pathnameN
sadmin skiplist remove -v pathname1 ... pathnameN
sadmin skiplist list -c
sadmin skiplist list -d
sadmin skiplist list -f
sadmin skiplist list -i
sadmin skiplist list -r
sadmin skiplist list -s
sadmin skiplist list -v
sadmin skiplist flush -c
sadmin skiplist flush -d
sadmin skiplist flush -f
sadmin skiplist flush -i
sadmin skiplist flush -r
sadmin skiplist flush -s
sadmin skiplist flush -v
solidify (so) Adds specified files in a directory or system volume to the whitelist. sadmin solidify L, W E, D, U
sadmin so
sadmin solidify [ -q | -v ] filename1 ... filenameN
sadmin solidify [ -q | -v ] directoryname1 ... directorynameN
sadmin solidify [ -q | -v ] volumename1 ... volumenameN

For more information about this command, see McAfee Application Control 8.1.0 Product Guide for standalone mode.

status Displays the status of Application Control. You can view the operational mode, operational mode on system restart, connectivity with McAfee ePO, access status, and whitelist status of the local CLI. sadmin status L, W E, D, U
sadmin status volumename
trusted Identifies a local or remote share as a trusted file path, volume, or directory. You can include, exclude, remove, list, or flush the trusted volumes or directories. sadmin trusted -e pathname1 ... pathnameN L E, D, U
sadmin trusted -i pathname1 ... pathnameN
sadmin trusted -r pathname1 ... pathnameN
sadmin trusted -f
sadmin trusted -l
sadmin trusted -e volumesetname1 ... volumesetnameN W E, D, U
sadmin trusted -e pathname1 ... pathnameN
sadmin trusted -i volumesetname1 ... volumesetnameN
sadmin trusted -i pathname1 ... pathnameN
sadmin trusted -r volumesetname1 ... volumesetnameN
sadmin trusted -r pathname1 ... pathnameN
sadmin trusted -f
sadmin trusted -l
sadmin trusted -u <local or network path>
unsolidify (unso) Removes specified files from the whitelist. sadmin unsolidify [ -v ] filename1 ... filenameN L, W E, D, U
sadmin unsolidify [ -v ] directoryname1 ... directorynameN
sadmin unsolidify [ -v ] volumename1 ... volumenameN
updaters Adds, deletes, lists, or flushes programs from the list of authorized updaters. sadmin updaters add [ -d ] { binaryname } L E, D, U
sadmin updaters add [ -n ] { binaryname }
sadmin updaters add [ -p parent-programname ] { binaryname }
sadmin updaters add [ -t rule-id ] { binaryname }
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-programname ] { binaryname }
sadmin updaters remove { binaryname }
sadmin updaters remove [ -p parent-programname ] { binaryname }
sadmin updaters list
sadmin updaters flush
sadmin updaters add [ -d ] { binaryname } W E, D, U
sadmin updaters add [ -l libraryname ] { binaryname }
sadmin updaters add [ -n ] { binaryname }
sadmin updaters add [ -p parent-binaryname ] { binaryname }
sadmin updaters add [ -t rule-id ] { binaryname }
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -l libraryname ] { binaryname }
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-binaryname ] { binaryname }
sadmin updaters add [ -t rule-id ] -u username
sadmin updaters remove { binaryname }
sadmin updaters remove [ -l libraryname ] { binaryname }
sadmin updaters remove [ -p parent-binaryname ] { binaryname }
sadmin updaters remove -u username
sadmin updaters list
sadmin updaters flush
version Displays the version of the installed Application Control. sadmin version L, W E, D, U
write-protect (wp) Write-protects specified files including the whitelisted files. You must specify complete file or directory names with this command. sadmin write-protect -e pathname1 ... pathnameN L, W E, D, U
sadmin write-protect -i pathname1 ... pathnameN
sadmin write-protect -r pathname1 ... pathnameN
sadmin write-protect -f
sadmin write-protect -l
write-protect-reg (wpr) Write-protects specified registry keys including the whitelisted registry keys. sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN W E, D, U
sadmin write-protect-reg -i registrykeyname1 ... registrykeynameN
sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN
sadmin write-protect-reg -l
sadmin write-protect-reg -f