Managing product features

When Application Control is installed on a system, each product feature starts in its default status, which is critical to protecting the system. You might need to change the default status of one or more features to allow configuration changes.

Reviewing the features

You can review the list of all Application Control features and check their status (enabled or disabled) on your system with this command:

    sadmin features list

Note: The features list has been minimized to show only the features that require changes regularly.

| Feature | Description | Default status |
| --- | --- | --- |
| activex | Installs and runs ActiveX controls on the protected system. Only the Internet Explorer browser is supported for the ActiveX control installations. Simultaneous installation of ActiveX controls using multiple tabs of Internet Explorer is not supported. | Enabled |
| checksum | Compares the checksum of the file to be executed with the checksum stored in the whitelist. | Enabled |
| deny-read | Read-protects the specified components. When this feature is applied on components, they can't be read. Read protection works only when the software is running in Enabled mode. | Disabled |
| deny-write | Write-protects the specified components. When this feature is applied on the components, they are rendered as read-only to protect your data. | Enabled |
| discover-updaters | Generates a list of potential updaters that can be included in the system. When running in Enabled mode, the software protection might prevent a legitimate application from executing (if rules are not defined). This feature tracks all failed attempts by authorized executables to change protected files or run other files and generates a list of possible updaters. | Enabled |
| execution-control | Defines attribute-based rules using one or more attributes of a process to allow, block, or monitor the process. | Enabled |
| integrity | Protects Application Control files and registry keys from unauthorized tampering. Allows the product code to run even when the components aren't present in the whitelist. This feature ensures that all product components are protected. It prevents accidental or malicious removal of components from the whitelist to ensure that the product doesn't become unusable. In update mode, it's disabled to facilitate product upgrades. | Enabled |
| mp | Protects running processes from hijacking attempts. Unauthorized code injected into a running process is trapped, halted, and logged. Attempts to gain control of the system through buffer overflow and similar exploits are rendered ineffective. | Enabled |
| mp-casp | Renders useless code that is running from the non-code area, which happens due to a buffer overflow being exploited on 32-bit Windows platforms. | Enabled |
| mp-vasr | | |
| mp-vasr-forced-relocation | Forces relocation of those dynamic-link libraries (DLLs) that have opted out of the Windows native ASLR feature. Some malware relies on these DLLs always being loaded at the same and known addresses. By relocating such DLLs, these attacks are prevented. | Enabled |
| network-tracking | Tracks files over network directories and blocks the execution of scripts over network directories. By default, this feature is enabled and prevents the execution of scripts over network directories. When this feature is disabled, execution of scripts over network directories is allowed. Also, write-protecting or read-protecting components over a network directory isn't effective. | Enabled |
| pkg-ctrl | Manages installation and uninstallation of MSI-based and non-MSI-based installers. | Enabled |
| script-auth | Prevents the execution of supported script files that aren't in the whitelist. Only whitelisted script files are allowed to execute on the system. For example, supported script files such as .bat, .cmd, .vbs are added to the whitelist and are allowed to execute. | Enabled |

Enabling or disabling features

If needed, you can change the default status of a feature by enabling or disabling it. After you disable a feature, the system is no longer protected by that feature.

CAUTION: Use caution and consult McAfee Support before enabling or disabling a feature. Changing a feature's status can affect the core functionality of the product and might make your system vulnerable to security threats.

| Action | Command |
| --- | --- |
| Enable a feature. | sadmin features enable <featurename> |
| Disable a feature. | sadmin features disable <featurename> |
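
Because a disabled feature no longer protects the system, it is useful to compare a host's feature listing against the default statuses in the table above. The following is an added example, not McAfee code: it parses captured text from sadmin features list and reports drift from those defaults. The output layout (one "name status" pair per line), the function names, and the sample listing are assumptions constructed for illustration.

```python
import re

# Default statuses from the feature table on this page. mp-vasr is left out
# because the page states no default status for it.
DEFAULTS = dict.fromkeys(
    ("activex checksum deny-write discover-updaters execution-control integrity "
     "mp mp-casp mp-vasr-forced-relocation network-tracking pkg-ctrl script-auth"
     ).split(), "Enabled")
DEFAULTS["deny-read"] = "Disabled"

# Assumption: one feature per line, "<name> <whitespace> Enabled|Disabled".
LINE = re.compile(r"^\s*([a-z][a-z0-9-]*)\s+(Enabled|Disabled)\s*$", re.I)

def parse_features(text):
    """Return {feature: status}; lines that do not match LINE are skipped."""
    hits = (LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2).capitalize() for m in hits if m}

def audit(text, defaults=DEFAULTS):
    """Return (changed, missing, undocumented) relative to the defaults."""
    current = parse_features(text)
    changed = {f: (want, current[f]) for f, want in defaults.items()
               if f in current and current[f] != want}
    missing = sorted(f for f in defaults if f not in current)
    undocumented = sorted(f for f in current if f not in defaults)
    return changed, missing, undocumented

# Constructed sample listing, not real product output.
SAMPLE = """\
  activex                      Enabled
  checksum                     Enabled
  deny-read                    Disabled
  deny-write                   Enabled
  discover-updaters            Enabled
  execution-control            Enabled
  integrity                    Enabled
  mp                           Disabled
  mp-casp                      Enabled
  mp-vasr                      Enabled
  mp-vasr-forced-relocation    Enabled
  network-tracking             Enabled
  script-auth                  disabled
"""

if __name__ == "__main__":
    changed, missing, undocumented = audit(SAMPLE)
    print("changed from default:", changed)
    print("not in listing:", missing)
    print("no default on this page:", undocumented)
```

To use it on a real host, save the output of sadmin features list to a file and pass the file's text to audit(). Adjust LINE if your product version prints a different layout.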