Change Control features

Change Control software can block change activities in server environments to prevent security breaches, data loss, and outages. This makes it easy to meet compliance requirements. These are the key features of Change Control.

Real-time monitoring

Change Control fulfills the Payment Card Industry (PCI) Data Security Standard (DSS) requirements 10 and 11.5 for file integrity monitoring (FIM). The software provides real-time monitoring for file and registry changes. Real-time monitoring eliminates the need to perform scan after scan on endpoints and identifies transient change violations, such as when a file is changed and restored to its earlier state. It captures changes including:

  • Time of the change
  • Who made the change
  • What program was used to make the change
  • Whether the change was made manually or by an authorized program

It maintains a comprehensive and up-to-date database (on McAfee ePO) that logs attempts to modify files, registry keys, and local user accounts.
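
The following added example (not McAfee code, and not a description of how Change Control is implemented) shows why scan-based integrity checking misses a change that is later restored, while a per-event record exposes it. The event tuples, user and program names, and timestamps are constructed for illustration.

```python
import hashlib

# Constructed change events for one file, in time order:
# (time in seconds, user, program, file content after the change)
EVENTS = [
    (100, "svc_deploy", "installer.exe", b"timeout=30\n"),
    (460, "jdoe", "notepad.exe", b"timeout=0\n"),    # manual edit
    (520, "jdoe", "notepad.exe", b"timeout=30\n"),   # restored to earlier state
]

def digest(content):
    return hashlib.sha256(content).hexdigest()

def hash_at(events, when):
    """Hash of the file as a scan at time `when` would see it (None if absent)."""
    seen = [digest(c) for t, _, _, c in events if t <= when]
    return seen[-1] if seen else None

def scan_findings(events, scan_times):
    """Scan times at which the hash differs from the previous scan's hash."""
    findings, previous = [], None
    for index, when in enumerate(scan_times):
        current = hash_at(events, when)
        if index > 0 and current != previous:  # first scan is the baseline
            findings.append(when)
        previous = current
    return findings

def transient_changes(events):
    """Changes that a later event reverted to the state before the change."""
    found = []
    for i in range(1, len(events)):
        before = digest(events[i - 1][3])
        changed_at, user, program, content = events[i]
        if digest(content) == before:
            continue  # content unchanged, nothing to report
        for restored_at, _, _, later in events[i + 1:]:
            if digest(later) == before:
                found.append({"changed_at": changed_at, "restored_at": restored_at,
                              "user": user, "program": program})
                break
    return found

if __name__ == "__main__":
    print("scan at 300s and 600s:", scan_findings(EVENTS, [300, 600]))
    print("event record:", transient_changes(EVENTS))
```

Scans at 300 s and 600 s both see the same hash and report nothing; the event record shows the edit at 460 s, its restoration at 520 s, and who made it with which program.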

Content change tracking

Change Control allows you to track content and attribute changes for files. File content changes can be viewed and compared side-by-side to see what was added, deleted, or modified. This is useful when troubleshooting configuration-related outages. The software includes special alerting mechanisms to instantly notify you of critical changes, so that you can prevent configuration-related outages, a recommended Information Technology Infrastructure Library (ITIL) best practice. Also, qualified security assessor (QSA) forms are provided for easy PCI reporting.

Customizable filters

You can use filters to make sure that only relevant changes make it to the database. You can define filters to match the file name, directory name, registry key, process name, file extension, and user name. Using these criteria, you can define two types of filters:

  • Include filters to receive information about events matching the specified filtering criteria.
  • Exclude filters to ignore information about events matching the specified filtering criteria.

Filtering events is required to control the volume of change events. Typically, some changes are program-generated and do not need to be reported to the system administrator. If programmatic and automatic change activity is high, a large number of change events can overwhelm the system. Using filters makes sure that only relevant change events are recorded.

Efficient policy enforcement

Change Control enforces change policies that require changes to be made within a time window and only by trusted sources. However, Change Control can be fine-tuned to allow native applications to update their files continuously without interruption, while disallowing other applications or users from making changes to, or even reading, specified files.

Read protection

Read-protection rules prevent users from reading the content of specified files, directories, and volumes. If a directory or volume is read-protected, all files in the directory or volume are read-protected. Once defined, read-protection rules are inherited by subdirectories. You cannot read-protect registry keys.

Note: By default, read protection is disabled.

Write protection

Use write-protection rules to prevent users from creating files (including directories and registry keys) and modifying existing files, directories, and registry keys. Write-protecting a file or registry key renders it read-only and protects it from unanticipated updates. These actions are prevented for a write-protected file or registry key:

  • Delete
  • Rename
  • Create hard links
  • Modify contents
  • Append
  • Truncate
  • Change attributes (for example, owner, group, and permissions)
  • Create Alternate Data Stream (Microsoft Windows only)