8/3/2019 Ds Application Control

1/2

Data Sheet

Key Advantages

Protection against zero-day threats

without requiring signature updates

Extends the business viability of

xed function systems (point-of-sale

terminals in retail environments ATM

devices in banking, and legacy, xed-function Microsoft Windows NT and

2000 systems)

Lower cost of ownership because

dynamic whitelisting eliminates

manual effort

Leverages your security investment

in McAfee ePO software

Low overhead software solution that

runs transparently on endpoints

Key Features

Automatically accepts new software

added through an authorized

process

Prevents execution of all

unauthorized software, scripts,

and dynamic-link libraries (DLLs)

and further defends against

memory exploits

Easily accommodates existing change

processes across connected or

disconnected servers and endpoints

Administrators with physical or

remote access to the machine cannot

override protection

Centralized administration further

alleviates IT overhead.

Todaysresource-strappedITdepartmentsface

tremendouspressuretoensurethatendpointsand

serverscomplywithsecuritypolicies,operating

procedures,andregulations.Enduserscan

unintentionallyintroducesoftwarethatposesa

risktothebusiness.Businessesofallsizesneedan

efcientwaytostandardizeendpointsandservers

toensurethattheyarerunningapprovedsoftware

withoutimpactingend-userproductivity.

Business Efciency in a Controlled Environment

McAfeeApplicationControlsoftwareaugments

blacklisting,real-timereputationawareness,and

behavioralapproaches,helpingITtoconsistently

enabletheknowngood,blocktheknownbad,

andproperlyhandlethenewandunknown.

Ourdynamicwhitelistingtrustmodelreduces

costsbyeliminatingcostlymanualsupport

associatedwithotherwhitelistingtechnologies.

Complete protection from unwanted

applications and code

Today,maliciouscodetakesfulladvantageofthe

exiblesoftwareandmodularcodeusedintodays

businessenvironments.McAfeeApplication

ControlsoftwareextendscoveragetoJava,

ActiveXcontrols,scripts,batchles,andspecialty

codetogiveyougreatercontroloverapplication

componentsandtoblockadvancedthreats

withoutrequiringsignatureupdates.

Scalable centralized management

McAfeeApplicationControlsoftwareleverages

yoursecurityinvestmentintheMcAfeeePolicy

Orchestrator(McAfeeePO)management

platform.McAfeeePOsoftwareprovidesremote

deployment,andlargeenterpriserolloutscanbe

easilymanagedandreportedonfromacentral

location.

Flexible, affordable, manageable, and secure

Dynamicmanagementofwhitelistsmakesiteasy

tosupportmultiplecongurationsfordifferent

businessneeds:point-of-saleterminals,back-

ofceservers,andmultipledesktopimagesfor

differentuserproles.Itrunstransparentlyon

endpointswithverylowinitialandongoing

operationalcosts.

Increase Control over Fixed-Function Systems

Inregulatedindustriessuchasbanking,retail,

manufacturing,andcriticalinfrastructure,devices

suchaspoint-of-sale(POS)terminals,customerserviceterminals,andlegacyMicrosoftWindows

NTand2000systemsperformcriticalfunctions

andoftenstoresensitivedata.

McAfeeApplicationControlsoftwareisidealfor

extendingalayerofprotectiontosystemsthat

arexedfunctionintermsofCPUormemory

resources.Itslowoverheadfootprintdoesnot

impactsystemperformance,requiresverylow

initialandongoingoperationaloverhead,and

isequallyeffectiveinstandalonemodewithout

networkaccess.

McAfee Application ControlReduce risk from unauthorized applications, and gain stronger

endpoint control

Userscanunintentionallyintroducesoftwarethatinstallsmalware,createssupport

issues,andviolatessoftwarelicensescompromisingsystemsandyouroverallbusiness

McAfeeApplicationControlsoftwareoffersaneffectivewaytoblockunauthorized

applicationsand,unlikesimplewhitelisting,usesadynamictrustmodeltoavoid

labor-intensivelists.Asenterprisesfaceanavalancheofunknownsoftwarefromthe

Internet,thiscentrallymanagedsolutionaddstimelycontroltoyoursystemsecurity

strategyandisattunedtotheoperationalneedsofenterprises.

8/3/2019 Ds Application Control

2/2

McAfee, the McAfee logo, McAfee ePolicy Orchestrator, and McAfee ePO are registered trademarks or trademarks of McAfee, Inc. or its

subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans,

specications and descriptions herein are provided for information only and subject to change without notice, and are provided without

warranty of any kind, express or implied. Copyright 2010 McAfee, Inc.

9157ds_dtp_application_control_0310

McAfee, Inc.

3965 Freedom Circle

Santa Clara, CA 95054

888 847 8766

www.mcafee.com

Dynamic Whitelisting via a Trust Model

Leveragingatrustedsourcemodel,McAfee

ApplicationControlsoftwareeliminatestheneed

forITadministratorstomanuallymaintainlistsofapprovedapplications.Onlyauthorizedsoftwareis

allowedtorun,anditcannotbetamperedwith.

Secure update flow

Change agents

(Tivoli, SMS)

Authorized updaters

Remote (network

attached storageand file shares)

Signed update

User updates

Figure 2. Secure update ow.

Small Overhead Footprint

McAfeeApplicationControlsoftwareisalow-

overheadsoftwaresolution.

Easysetupandlowinitialandongoing

operationaloverhead

MinimalimpactonCPUcyclesanduseslessthan

10MBofRAM

Nolesystemscanningthatcouldimpact

systemperformance

Designedtoworkindisconnectedandin

ofinemode

Requiresnosignatureupdates

Figure 3. How dynamic whitelisting works:

0. Full automatic discovery of all executing software

on the system.

1. Pre-computation of an extremely lightweight

run-time system.

2. Fully automatic code admission control during

system maintenance.

McAfee ePO software consolidates and

centralizes management for all McAfee

products

Byusingasingle,integratedmanagement

platform,companiesgreatlyreducethenumberof

ITmanagersneededtomanageendpointsecurity

withmultipleconsoles.WiththeMcAfeeePO

platform,ITcan:

Accesscentralizedeventmonitoring,reports,

dashboard,andworkowthroughasingle,web

basedmanagementplatform

Deploy,manage,andupdateagentsandpolicies

fromonemanagementsystem

Integration and Compatibility withMcAfee Solutions

McAfeeIntegrityControlsoftwarecombines

applicationcontrolandchangecontroltoensure

completesystemintegrity.Changecontroladds

continuousleintegritymonitoringandchange

policymanagement.McAfeeIntegrityControl

softwareisavailableforxed-functionsystems

suchaspoint-of-sale(POS)devicesandautomated

tellermachines(ATMs).

McAfeeEndpointProtectioncustomerswillalso

benetfromenhancedcontrolofendpointsand

servers.McAfeeApplicationControlsoftwarecomplementsthesignatureandbehavioral-based

componentsbyeliminatingunauthorizedcode

fromexecutingondesktopstofurthersafeguard

enterpriseenvironments.

McAfeeApplicationControloperatesinavariety

ofnetworktopologiesandrewallcongurations

andprovidesanideallayerofcontrolinvirtualized

environments.

Data Sheet McAfee Application Control

Specications

Operating systems (OS)

Microsoft Windows NT*Microsoft Windows 2000/2003/2008

Microsoft Windows XP/Vista

Microsoft Windows XPE

Microsoft Windows XP/Vista (64-bit)

Microsoft Windows 2003/2008 (64-bit)

Microsoft Windows CE 6.0*

Microsoft Windows 7

Microsoft 2008 R2

Linux RHEL 3/4/5

CentOS 4/5

SuSE EL 9/10

Oracle EL 5

Solaris 8/9/10

* These platforms are not supported

by the McAfee ePolicy Orchestrator,

management platform, or they

work in standalone mode.

Figure 1. McAfee Application Control

software extends a layer of protection

to xed-function devices such as

kiosks, POS terminals, and legacy

platforms to reduce customer risk

exponentially.

Blacklist

Whitelist

Application

Control

ServersKiosks

Thin Clients Point of Sale

Identify Disk Image(Automatic)

0

Initial SystemInventory Created

1System Control

Assured

2