| attr
|
Changes or lists the
Application Control configuration attributes list.
|
sadmin attr add -a filename1 ... filenameN
|
L
|
E, D, U
|
|
sadmin attr add -p filename1 ... filenameN
|
|
sadmin attr add -u filename1 ... filenameN
|
|
sadmin attr add -o parent= filename2 -p filename1
|
|
sadmin attr remove -a filename1 ... filenameN
|
|
sadmin attr remove -p filename1 ... filenameN
|
|
sadmin attr remove -u filename1 ... filenameN
|
|
sadmin attr list -a filename1 ... filenameN
|
|
sadmin attr list -p filename1 ... filenameN
|
|
sadmin attr list -u filename1 ... filenameN
|
|
sadmin attr flush -a
|
|
sadmin attr flush -p
|
|
sadmin attr flush -u
|
|
sadmin attr add -a filename1 ... filenameN
|
W (32-bit)
|
E, D, U
|
|
sadmin attr add -c filename1 ... filenameN
|
|
sadmin attr add -h filename1 ... filenameN
|
|
sadmin attr add -o parent= filename2 -i filename1
|
|
sadmin attr add -j filename1 ... filenameN
|
|
sadmin attr add -l filename1 ... filenameN
|
| sadmin attr add -m filename1 ... filenameN
|
|
sadmin attr add -p filename1 ... filenameN
|
|
sadmin attr add -u filename1 ... filenameN
|
| sadmin attr add -v filename1 ... filenameN (Windows 7 and later)
|
|
sadmin attr add -o parent= filename2 -p filename1
|
| sadmin attr add -o module= modulename -v filename1 (Windows 7 and later)
|
|
sadmin attr remove -a filename1 ... filenameN
|
|
sadmin attr remove -c filename1 ... filenameN
|
|
sadmin attr remove -h filename1 ... filenameN
|
|
sadmin attr remove -i filename1 ... filenameN
|
|
sadmin attr remove -j filename1 ... filenameN
|
|
sadmin attr remove -l filename1 ... filenameN
|
| sadmin attr remove -m filename1 ... filenameN
|
|
sadmin attr remove -p filename1 ... filenameN
|
|
sadmin attr remove -u filename1 ... filenameN
|
| sadmin attr remove -v filename1 ... filenameN (Windows 7 and later)
|
|
sadmin attr list -a filename1 ... filenameN
|
|
sadmin attr list -c filename1 ... filenameN
|
|
sadmin attr list -h filename1 ... filenameN
|
|
sadmin attr list -i filename1 ... filenameN
|
|
sadmin attr list -j filename1 ... filenameN
|
|
sadmin attr list -l filename1 ... filenameN
|
| sadmin attr list -m filename1 ... filenameN
|
|
sadmin attr list -p filename1 ... filenameN
|
|
sadmin attr list -u filename1 ... filenameN
|
| sadmin attr list -v filename1 ... filenameN (Windows 7 and later)
|
|
sadmin attr flush -a
|
|
sadmin attr flush -c
|
|
sadmin attr flush -h
|
|
sadmin attr flush -i
|
|
sadmin attr flush -j
|
|
sadmin attr flush -l
|
|
sadmin attr flush -m
|
|
sadmin attr flush -p
|
|
sadmin attr flush -u
|
| sadmin attr flush -v (Windows 7 and later)
|
|
sadmin attr add -a filename1 ... filenameN
|
W (64-bit)
|
E, D, U
|
|
sadmin attr add -c filename1 ... filenameN
|
|
sadmin attr add -h filename1 ... filenameN
|
|
sadmin attr add -o parent= filename2 -i filename1
|
|
sadmin attr add -j filename1 ... filenameN
|
| sadmin attr add -m filename1 ... filenameN
|
|
sadmin attr add -n filename1 ... filenameN
|
|
sadmin attr add -n -y filename1 (Not available on Windows Server 2012)
|
|
sadmin attr add -p filename1 ... filenameN
|
|
sadmin attr add -u filename1 ... filenameN
|
|
sadmin attr add -v filename1 ... filenameN (Windows 7 and later)
|
|
sadmin attr add -o parent= filename2 -p filename1
|
|
sadmin attr add -o module= modulename -v filename1 (Windows 7 and later)
|
|
sadmin attr remove -a filename1 ... filenameN
|
|
sadmin attr remove -c filename1 ... filenameN
|
|
sadmin attr remove -h filename1 ... filenameN
|
|
sadmin attr remove -i filename1 ... filenameN
|
|
sadmin attr remove -j filename1 ... filenameN
|
| sadmin attr remove -m filename1 ... filenameN
|
|
sadmin attr remove -n filename1 ... filenameN
|
|
sadmin attr remove -p filename1 ... filenameN
|
|
sadmin attr remove -u filename1 ... filenameN
|
|
sadmin attr remove -v filename1 ... filenameN (Windows 7 and later)
|
|
sadmin attr list -a filename1 ... filenameN
|
|
sadmin attr list -c filename1 ... filenameN
|
|
sadmin attr list -h filename1 ... filenameN
|
|
sadmin attr list -i filename1 ... filenameN
|
|
sadmin attr list -j filename1 ... filenameN
|
| sadmin attr list -m filename1 ... filenameN
|
|
sadmin attr list -n filename1 ... filenameN
|
|
sadmin attr list -p filename1 ... filenameN
|
|
sadmin attr list -u filename1 ... filenameN
|
|
sadmin attr list -v filename1 ... filenameN (Windows 7 and later)
|
|
sadmin attr flush -a
|
|
sadmin attr flush -c
|
|
sadmin attr flush -h
|
|
sadmin attr flush -i
|
|
sadmin attr flush -j
|
| sadmin attr flush -m
|
|
sadmin attr flush -n
|
|
sadmin attr flush -p
|
|
sadmin attr flush -u
|
|
sadmin attr flush -v (On Windows 7 and later)
|
| auth
|
Authorizes an application (executable, installer, or batch file) as a whitelist, or unauthorizes an application by adding to the blacklist. The application might be locally installed, invoked, or installed or invoked from a shared drive.
|
sadmin auth -a -c checksum
|
W
|
E, D, U
|
|
sadmin auth -a [ -t rule id ] -c checksum
|
|
sadmin auth -a [ -t rule id ] [ -u ] -c checksum
|
|
sadmin auth -b -c checksum
|
|
sadmin auth -b [ -t rule id] -c checksum
|
|
sadmin auth -f
|
|
sadmin auth -l
|
|
sadmin auth -r checksum
|
| begin-update (bu)
|
Initiates the Update mode to help perform software updates and installations.
|
sadmin begin-update [ workflow-id [ comment ]]
|
L, W
|
E, D
|
|
sadmin bu [ workflow-id [ comment ]]
|
| cert
|
Manages certificates for digitally signed files. You can add, remove, or list the certificates in the
Application Control certificate store, which is a directory in the install directory
<instlall_dir>/Certificates.
|
sadmin cert add certificate_name
|
W
|
E, D, U
|
|
sadmin cert add -u certificate_name
|
|
sadmin cert add -c certificate_content
|
|
sadmin cert remove SHA-1
|
|
sadmin cert remove SHA-256
|
|
sadmin cert remove -c certificate_content
|
|
sadmin cert list
|
|
sadmin cert list -d
|
|
sadmin cert list -u
|
|
sadmin cert flush
|
| check
|
Validates and fixes the attributes of the specified file or files against the file inventory.
|
sadmin check [ -r ]
|
L, W
|
E, D, U
|
|
sadmin check [ -r ] filename1 ... filenameN
|
|
sadmin check [ -r ] directoryname1 ... directorynameN
|
|
sadmin check [ -r ] volumename1 ... volumenameN
|
| config
|
Allows you to:
- Export current configuration settings to a file.
- Import configuration settings from a file to an existing installation.
|
sadmin config export filename
|
L, W
|
E, D, U
|
|
sadmin config import [ -a ] filename
|
|
sadmin config set name=value
|
|
sadmin config show
|
| diag
|
Runs diagnostics and offers suggestions on programs and applications to authorize (to perform updates).
|
sadmin diag
|
W
|
E, U
|
|
sadmin diag fix [ -f ]
|
| disable
|
Activates the Disabled mode. Restart the system to make sure that the command is applied. On the Linux platform, if
Application Control is in the Enabled mode, system restart is not required to apply this command. But, to uninstall the product, system restart is required.
|
sadmin disable
|
L, W
|
E, U
|
| enable
|
Activates the Enabled mode. Restart the system to make sure that the command is applied. Or, restart the
Application Control service to apply this command. But, the memory-protection feature will be available only after system restart.
|
sadmin enable
|
L, W
|
D
|
| end-update (eu)
|
Ends the Update mode and activates the Enabled mode.
|
sadmin end-update
sadmin eu
|
L, W
|
U
|
| event
|
Configures the log targets (sinks) for generated events.
|
sadmin event sink
|
L, W
|
E, D, U
|
|
sadmin event sink eventname sinkname
|
|
sadmin event sink -a { eventname | ALL } { sinkname | ALL }
|
|
sadmin event sink -r { eventname | ALL } { sinkname | ALL }
|
| features
|
Enables, disables, or lists the features on an existing installation.
|
sadmin features enable featurename
|
L, W
|
E, D, U
|
|
sadmin features disable featurename
|
|
sadmin features list
|
| help
|
Provides information about basic commands.
|
sadmin help
|
L, W
|
E, D, U
|
|
sadmin help [ command ]
|
| help-advanced
|
Provides information about advance commands.
|
sadmin help-advanced
|
L, W
|
E, D, U
|
|
sadmin help-advanced [ command ]
|
| license
|
Adds or displays licensing information.
|
sadmin license add licensekey
|
L, W
|
D
|
|
sadmin license list
|
| list-solidified (ls)
|
Lists the whitelisted files, directories, and volumes.
|
sadmin list-solidified [ -l ]
sadmin ls [ -l ]
|
L, W
|
E, D, U
|
|
sadmin list-solidified [ -l ] filename1 ... filenameN
sadmin ls [ -l ] filename1 ... filenameN
|
|
sadmin list-solidified [ -l ] directoryname1 ... directorynameN
sadmin ls [ -l ] directoryname1 ... directorynameN
|
|
sadmin list-solidified [ -l ] volumename1 ... volumenameN
sadmin ls [ -l ] volumename1 ... volumenameN
|
| list-unsolidified (lu)
|
Lists the files, directories, and volumes that are not whitelisted.
|
sadmin list-unsolidified
sadmin lu
|
L, W
|
E, D, U
|
|
sadmin list-unsolidified filename1 ... filenameN
sadmin lu filename1 ... filenameN
|
|
sadmin list-unsolidified directoryname1 ... directorynameN
sadmin lu directoryname1 ... directorynameN
|
|
sadmin list-unsolidified volumename1 ... volumenameN
sadmin lu volumename1 ... volumenameN
|
| lockdown
|
Disables the local command line interface. After lockdown, you can only issue the help, help‑advanced, status, version, and recover commands.
|
sadmin lockdown
|
L, W
|
E, D, U
|
| passwd
|
Sets a password for the command line interface.
If the password is set, you must verify the password before executing critical commands.
Using
sadmin passwd -d command removes the password.
|
sadmin passwd
|
L, W
|
E, D, U
|
|
sadmin passwd -d
|
| read-protect (rp)
|
Displays or changes the read protection rules. You must specify complete file or directory names with this command.
|
sadmin read-protect -e pathname1 ... pathnameN
|
L, W
|
E, D, U
|
|
sadmin read-protect -i pathname1 ... pathnameN
|
|
sadmin read-protect -r pathname1 ... pathnameN
|
|
sadmin read-protect -f
|
|
sadmin read-protect -l
|
| recover
|
Recovers the local command line interface.
|
sadmin recover
|
L, W
|
E, D, U
|
|
sadmin recover -f
|
| ruleengine
|
Specify rules on various attributes of a process whose execution is undetermined. This enables the user to allow, block, or monitor its execution. You can combine one or more unique attribute types in one rule using
AND operator.
|
sadmin ruleengine add allow processname command_line { matches | not matches } regex
|
W
|
E, D, U
|
| sadmin ruleengine add allow processname { command_line | user | parent_process_name | path } { equals | not equals } string
|
|
sadmin ruleengine add block processname command_line { matches | not matches } regex
|
| sadmin ruleengine add block processname { command_line | user | parent_process_name | path } { equals | not equals } string
|
|
sadmin ruleengine add monitor processname command_line { matches | not matches } regex
|
| sadmin ruleengine add monitor processname { command_line | user | parent_process_name | path } { equals | not equals } string
|
|
sadmin ruleengine remove allow processname command_line { matches | not matches } regex
|
| sadmin ruleengine remove allow processname { command_line | user | parent_process_name | path } { equals | not equals } string
|
|
sadmin ruleengine remove block processname command_line { matches | not matches } regex
|
| sadmin ruleengine remove block processname { command_line | user | parent_process_name | path } { equals | not equals } string
|
|
sadmin ruleengine remove monitor processname command_line { matches | not matches } regex
|
| sadmin ruleengine remove monitor processname { command_line | user | parent_process_name | path } { equals | not equals } string
|
| sadmin ruleengine list
|
| sadmin ruleengine flush
|
| skiplist
|
Bypasses a path component from a feature to remove the protection applied by that feature. You can also define skip rules to skip path components from the whitelist. Use caution and take advice from
McAfee Support before applying skiplist rules because doing so can affect the core functionality of the product and might make your system vulnerable to security threats. For more information about skiplist rules, see
Skip rules for path components chapter in
McAfee
Application Control 8.0.0 Product Guide for standalone mode.
|
sadmin skiplist add -c pathname1 ... pathnameN
|
W
|
E, D, U
|
| sadmin skiplist add -d pathname1 ... pathnameN
|
| sadmin skiplist add -f pathname1 ... pathnameN
|
| sadmin skiplist add -i pathname1 ... pathnameN
|
| sadmin skiplist add -r pathname1 ... pathnameN
|
| sadmin skiplist add -s pathname1 ... pathnameN
|
| sadmin skiplist add -v pathname1 ... pathnameN
|
| sadmin skiplist remove -c pathname1 ... pathnameN
|
| sadmin skiplist remove -d pathname1 ... pathnameN
|
| sadmin skiplist remove -f pathname1 ... pathnameN
|
| sadmin skiplist remove -i pathname1 ... pathnameN
|
| sadmin skiplist remove -r pathname1 ... pathnameN
|
| sadmin skiplist remove -s pathname1 ... pathnameN
|
| sadmin skiplist remove -v pathname1 ... pathnameN
|
| sadmin skiplist list -c
|
| sadmin skiplist list -d
|
| sadmin skiplist list -f
|
| sadmin skiplist list -i
|
| sadmin skiplist list -r
|
| sadmin skiplist list -s
|
| sadmin skiplist list -v
|
| sadmin skiplist flush -c
|
| sadmin skiplist flush -d
|
| sadmin skiplist flush -f
|
| sadmin skiplist flush -i
|
| sadmin skiplist flush -r
|
| sadmin skiplist flush -s
|
| sadmin skiplist flush -v
|
| solidify (so)
|
Adds specified files in a directory or system volume to the whitelist.
|
sadmin solidify
|
L, W
|
E, D, U
|
|
sadmin so
|
|
sadmin solidify [ -q | -v ] filename1 ... filenameN
|
|
sadmin solidify [ -q | -v ] directoryname1 ... directorynameN
|
|
sadmin solidify [ -q | -v ] volumename1 ... volumenameN
For more information about this command, see
McAfee
Application Control 8.1.0 Product Guide for standalone mode.
|
| status
|
Displays the status of
Application Control. You can view the operational mode, operational mode on system restart, connectivity with
McAfee ePO, access status, and whitelist status of the local CLI.
|
sadmin status
|
L, W
|
E, D, U
|
|
sadmin status volumename
|
| trusted
|
Identifies a local or remote share as a trusted file path, volume, or directory. You can include, exclude, remove, list, or flush the trusted volumes or directories.
|
sadmin trusted -e pathname1 ... pathnameN
|
L
|
E, D, U
|
|
sadmin trusted -i pathname1 ... pathnameN
|
|
sadmin trusted -r pathname1 ... pathnameN
|
|
sadmin trusted -f
|
|
sadmin trusted -l
|
|
sadmin trusted -e volumesetname1 ... volumesetnameN
|
W
|
E, D, U
|
|
sadmin trusted -e pathname1 ... pathnameN
|
|
sadmin trusted -i volumesetname1 ... volumesetnameN
|
|
sadmin trusted -i pathname1 ... pathnameN
|
|
sadmin trusted -r volumesetname1 ... volumesetnameN
|
|
sadmin trusted -r pathname1 ... pathnameN
|
|
sadmin trusted -f
|
|
sadmin trusted -l
|
|
sadmin trusted -u <local or network path>
|
| unsolidify (unso)
|
Removes specified files from the whitelist.
|
sadmin unsolidify [ -v ] filename1 ... filenameN
|
L, W
|
E, D, U
|
|
sadmin unsolidify [ -v ] directoryname1 ... directorynameN
|
|
sadmin unsolidify [ -v ] volumename1 ... volumenameN
|
| updaters
|
Adds, deletes, lists, or flushes programs from the list of authorized updaters.
|
sadmin updaters add [ -d ] { binaryname }
|
L
|
E, D, U
|
|
sadmin updaters add [ -n ] { binaryname }
|
|
sadmin updaters add [ -p parent-programname ] { binaryname }
|
|
sadmin updaters add [ -t rule-id ] { binaryname }
|
|
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-programname ] { binaryname }
|
|
sadmin updaters remove { binaryname }
|
|
sadmin updaters remove [ -p parent-programname ] { binaryname }
|
|
sadmin updaters list
|
|
sadmin updaters flush
|
|
sadmin updaters add [ -d ] { binaryname }
|
W
|
E, D, U
|
|
sadmin updaters add [ -l libraryname ] { binaryname }
|
|
sadmin updaters add [ -n ] { binaryname }
|
|
sadmin updaters add [ -p parent-binaryname ] { binaryname }
|
|
sadmin updaters add [ -t rule-id ] { binaryname }
|
|
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -l libraryname ] { binaryname }
|
|
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-binaryname ] { binaryname }
|
|
sadmin updaters add [ -t rule-id ] -u username
|
|
sadmin updaters remove { binaryname }
|
|
sadmin updaters remove [ -l libraryname ] { binaryname }
|
|
sadmin updaters remove [ -p parent-binaryname ] { binaryname }
|
|
sadmin updaters remove -u username
|
|
sadmin updaters list
|
|
sadmin updaters flush
|
| version
|
Displays the version of the installed
Application Control.
|
sadmin version
|
L, W
|
E, D, U
|
| write-protect (wp)
|
Write-protects specified files including the whitelisted files. You must specify complete file or directory names with this command.
|
sadmin write-protect -e pathname1 ... pathnameN
|
L, W
|
E, D, U
|
|
sadmin write-protect -i pathname1 ... pathnameN
|
|
sadmin write-protect -r pathname1 ... pathnameN
|
|
sadmin write-protect -f
|
|
sadmin write-protect -l
|
| write-protect-reg (wpr)
|
Write-protects specified registry keys including the whitelisted registry keys.
|
sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN
|
W
|
E, D, U
|
|
sadmin write-protect-reg -i registrykeyname1 ... registrykeynameN
|
|
sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN
|
|
sadmin write-protect-reg -l
|
|
sadmin write-protect-reg -f
|
