monitor
|
Monitors changes to these actions on the system.
- Files
- Registry entries (Windows only)
- Process execution or termination
- User activity
- Process
Also, you can add rules to track content changes for files in a directory. However, this is useful in a McAfee ePO-managed configuration. The content change tracking for files can be viewed only at McAfee ePO. For more information, see the McAfee Change Control and Application Control 8.0.0 Product Guide.
|
sadmin monitor file [ -e ] filename
|
L, W
|
E, D, U
|
sadmin monitor file [ -e ] directoryname
|
sadmin monitor file [ -e ] volumename
|
sadmin monitor file [ -e ] pathname1 ... pathnameN
|
sadmin monitor file [ -i ] filename
|
sadmin monitor file [ -i ] directoryname
|
sadmin monitor file [ -i ] volumename
|
sadmin monitor file [ -i ] pathname1 ... pathnameN
|
sadmin monitor file [ -r ] filename
|
sadmin monitor file [ -r ] directoryname
|
sadmin monitor file [ -r ] volumename
|
sadmin monitor file [ -r ] pathname1 ... pathnameN
|
sadmin monitor file -f
|
sadmin monitor reg [ -e ] registrykey1 ... registrykeyN
|
sadmin monitor reg [ -i ] registrykey1 ... registrykeyN
|
sadmin monitor reg [ -r ] registrykey1 ... registrykeyN
|
sadmin monitor reg -f
|
sadmin monitor extn [ -e ] file_extension1 ... file_extensionN
|
sadmin monitor extn [ -i ] file_extension1 ... file_extensionN
|
sadmin monitor extn [ -r ] file_extension1 ... file_extensionN
|
sadmin monitor extn -f
|
sadmin monitor process [ -e ] processname1 ... processnameN
|
sadmin monitor process [ -i ] processname1 ... processnameN
|
sadmin monitor process [ -r ] processname1 ... processnameN
|
sadmin monitor process -f
|
sadmin monitor user [ -e ] username1 ... usernameN
|
sadmin monitor user [ -r ] username1 ... usernameN
|
sadmin monitor user -f
|
sadmin monitor procexec [ -e ] processpath | directoryname
|
sadmin monitor procexec [ -e ] directoryname1 ... directorynameN
|
sadmin monitor procexec [ -i ] processpath | directoryname
|
sadmin monitor procexec [ -i ] directoryname1 ... directorynameN
|
sadmin monitor procexec [ -r ] processpath | directoryname
|
sadmin monitor procexec [ -r ] directoryname1 ... directorynameN
|
sadmin monitor procexec -f
|
sadmin monitor file-diff-dir -i -d directoryname
|
sadmin monitor file-diff-dir -d directoryname
|
sadmin monitor file-diff-dir -d [ -n ENCODING ] directoryname
|
sadmin monitor file-diff-dir [ -a INCLUDE PATTERN ] -d directoryname
|
sadmin monitor file-diff-dir [ -b EXCLUDE PATTERN ] -d directoryname
|
sadmin monitor file-diff-dir [ -a INCLUDE PATTERN ] [ -c ] -d directoryname
|
sadmin monitor file-diff-dir [ -a INCLUDE PATTERN ] [ -c ] -d [ -n ENCODING ] directoryname
|
sadmin monitor file-diff-dir [[-i [[-a INCLUDE-PATTERN] ... [-b EXCLUDE-PATTERN] ... [-c] -d [-n ENCODING]]] directoryname]
|
sadmin monitor file-diff-dir -r directoryname
|
sadmin monitor file-diff-dir -f
|
sadmin monitor list
|
sadmin monitor flush
|
begin-update (bu)
|
Initiates Update mode to help perform software updates and installations.
|
sadmin begin-update [ workflow-id [ comment ]]
sadmin bu [ workflow-id [ comment ]]
|
L, W
|
E, D
|
cert
|
Manages certificates for digitally signed files. You can add, remove, or list the certificates in the Change Control certificate store, which is a directory within the install directory: <install_dir>/Certificates.
|
sadmin cert add certificate_name
|
W
|
E, D, U
|
sadmin cert add -u certificate_name
|
sadmin cert add -c certificate_content
|
sadmin cert remove SHA1
|
sadmin cert remove SHA256
|
sadmin cert remove -c certificate_content
|
sadmin cert list
|
sadmin cert list -d
|
sadmin cert list -u
|
sadmin cert flush
|
config
|
Allows you to:
- Export current configuration settings to a file.
- Import configuration settings from a file to an existing installation.
|
sadmin config export filename
|
L, W
|
E, D, U
|
sadmin config import [ -a ] filename
|
sadmin config set name=value
|
sadmin config show
|
diag
|
Runs diagnostics and offers suggestions on programs and applications to authorize (to perform updates).
|
sadmin diag
|
W
|
E, U
|
sadmin diag fix [ -f ]
|
disable
|
Activates Disabled mode. Restart the system to make sure that the command is applied. On the Linux platform, if Change Control is in Enabled mode, system restart is not required to apply this command. However, to uninstall the product, system restart is required.
|
sadmin disable
|
L, W
|
E, U
|
enable
|
Activates Enabled mode. Restart the Change Control service to apply this command.
|
sadmin enable
|
L, W
|
D
|
end-update (eu)
|
Ends Update mode and activates Enabled mode.
|
sadmin end-update
sadmin eu
|
L, W
|
U
|
event
|
Configures the log targets (sinks) for generated events.
|
sadmin event sink
|
L, W
|
E, D, U
|
sadmin event sink eventname sinkname
|
sadmin event sink -a { eventname | ALL } { sinkname | ALL }
|
sadmin event sink -r { eventname | ALL } { sinkname | ALL }
|
features
|
Enables, disables, or lists the features on an existing installation.
|
sadmin features
|
L, W
|
E, D, U
|
sadmin features enable featurename
|
sadmin features disable featurename
|
sadmin features list
|
help
|
Provides information about basic commands.
|
sadmin help
|
L, W
|
E, D, U
|
sadmin help [ command ]
|
help-advanced
|
Provides information about advanced commands.
|
sadmin help-advanced
|
L, W
|
E, D, U
|
sadmin help-advanced [ command ]
|
license
|
Adds or displays licensing information.
|
sadmin license add licensekey
|
L, W
|
D
|
sadmin license list
|
lockdown
|
Disables the local command line interface. After lockdown, you can only issue the help, help-advanced, status, version, and recover commands.
|
sadmin lockdown
|
L, W
|
E, D, U
|
passwd
|
Sets a password for the command line interface.
If the password is set, you must verify the password before executing critical commands.
Using the sadmin passwd -d command removes the password.
|
sadmin passwd
|
L, W
|
E, D, U
|
sadmin passwd -d
|
read-protect (rp)
|
Displays or modifies the read-protection rules. You must specify complete file or directory names with this command.
For more information about the rp command, see Protect the file system components in the McAfee Application Control 8.0.0 Product Guide for standalone mode.
|
sadmin read-protect -e pathname1 ... pathnameN
|
L, W
|
E, D, U
|
sadmin read-protect -i pathname1 ... pathnameN
|
sadmin read-protect -r pathname1 ... pathnameN
|
sadmin read-protect -l
|
sadmin read-protect -f
|
recover
|
Recovers the local command line interface.
|
sadmin recover
|
L, W
|
E, D, U
|
sadmin recover -f
|
status
|
Displays the status of Change Control. You can view the operational mode, operational mode on system restart, connectivity with McAfee® ePolicy Orchestrator® (McAfee® ePO™), access status, and whitelist status of the local CLI.
|
sadmin status
|
L, W
|
E, D, U
|
sadmin status volumename
|
trusted
|
Identifies a local or remote share as a trusted volume or directory. You can include, exclude, remove, list, or flush the trusted volumes or directories.
|
sadmin trusted -e pathname1 ... pathnameN
|
L
|
E, D, U
|
sadmin trusted -r pathname1 ... pathnameN
|
sadmin trusted -l
|
sadmin trusted -f
|
sadmin trusted -e volumesetname1 ... volumesetnameN
|
W
|
E, D, U
|
sadmin trusted -e pathname1 ... pathnameN
|
sadmin trusted -r volumesetname1 ... volumesetnameN
|
sadmin trusted -r pathname1 ... pathnameN
|
sadmin trusted -l
|
sadmin trusted -f
|
sadmin trusted -u <network path>
|
updaters
|
Adds, deletes, lists, or flushes programs from the list of authorized updaters.
|
sadmin updaters add [ -d ] { binaryname }
|
L
|
E, D, U
|
sadmin updaters add [ -n ] { binaryname }
|
sadmin updaters add [ -p parent-programname ] { binaryname }
|
sadmin updaters add [ -t rule-id ] { binaryname }
|
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-programname ] { binaryname }
|
sadmin updaters remove { binaryname }
|
sadmin updaters remove [ -p parent-programname ] { binaryname }
|
sadmin updaters list
|
sadmin updaters flush
|
sadmin updaters add [ -d ] { binaryname }
|
W
|
E, D, U
|
sadmin updaters add [ -l libraryname ] { binaryname }
|
sadmin updaters add [ -n ] { binaryname }
|
sadmin updaters add [ -p parent-binaryname ] { binaryname }
|
sadmin updaters add [ -t rule-id ] { binaryname }
|
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -l libraryname ] { binaryname }
|
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] [ -p parent-binaryname ] { binaryname }
|
sadmin updaters add [ -t rule-id ] -u username
|
sadmin updaters remove { binaryname }
|
sadmin updaters remove [ -l libraryname ] { binaryname }
|
sadmin updaters remove [ -p parent-binaryname ] { binaryname }
|
sadmin updaters remove -u username
|
sadmin updaters list
|
sadmin updaters flush
|
version
|
Displays the version of the installed Change Control product.
|
sadmin version
|
L, W
|
E, D, U
|
write-protect (wp)
|
Write-protects specified files including the whitelisted files. You must specify complete file or directory names with this command.
|
sadmin write-protect -e pathname1 ... pathnameN
|
L, W
|
E, D, U
|
sadmin write-protect -i pathname1 ... pathnameN
|
sadmin write-protect -r pathname1 ... pathnameN
|
sadmin write-protect -l
|
sadmin write-protect -f
|
write-protect-reg (wpr)
|
Write-protects specified registry keys including the whitelisted registry keys.
|
sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN
|
W
|
E, D, U
|
sadmin write-protect-reg -i registrykeyname1 ... registrykeynameN
|
sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN
|
sadmin write-protect-reg -l
|
sadmin write-protect-reg -f
|
|