Open Source/McAfee Application Control and McAfee Change Control Administration (MACCC)

Download Course Contents

McAfee Application Control and McAfee Change Control Administration (MACCC) Course Overview

Enroll for our 4-day McAfee Application Control and McAfee Change Control Administration (MACCC) from Koenig Solutions. This course provides in-depth training on the tools you need to efficiently install, configure, operate, and troubleshoot issues relating to McAfee Application Control and McAfee Change Control to safeguard intellectual property and ensure compliance.

Through a blend of hands-on labs and interactive lectures, you will learn uses of McAfee® ePolicy Orchestrator® (McAfee® ePO™) software for centralized management. It also explains how to use McAfee Application Control for dynamic allow listing to ensure that only trusted applications run on devices servers, and desktops and how to use McAfee Change Control to monitor and prevent changes to the file system, registry, and user accounts.

Target Audience:

This course is intended for System administrators, security personnel, auditors, and/or consultants concerned with system security.

Learning Objectives:

  • Understand the capabilities of McAfee’s Application Control and Change Control solutions
  • Install and administer
  • Manage remote
  • Protect endpoints

 

This is a Rare Course and it can be take up to 3 weeks to arrange the training.

  • 1. Do you have limited Window for training?
  • 2. Can you only spend 4-hours per day?
  • 3. Do you want to start training immediately?
  • If your answer is yes to any one of the above, you need 1-on-1- Training
The 1-on-1 Advantage
Methodology
Flexible Dates
4-Hour Sessions
  • View video
  • The course will be free if we are not able to start within 7 days of booking.
  • Only applicable for courses on which this logo appears.

You will learn:

Module 1: Introduction to the McAfee Application Control/Change Control
  • What is MACCC?
  • Solidcore Architecture
  • Multi-layered Security Solution
  • Whitelisting
  • Trust Model
  • Image Deviation
  • Differentiators
  • Visibility and Enforcement for End-to-end Compliance
  • File Integrity Monitoring
  • Change Prevention
  • Install Workflow
  • Navigation to Solidcore Components
  • Solidcore Configuration
  • Updaters or Publishers
  • Solidcore Configuration
  • Installers
  • Solidcore Policies
  • Windows Path Definitions
  • Solidcore Server Tasks
  • Solidcore: Purge Task
  • Migration Server Task
  • Calculate Predominant Observations (Deprecated)
  • Content Change Tracking Report Generation
  • Solidcore: Run Image Deviation
  • Image Deviation (Application Control)
  • Specifying a Golden Image
  • Solidcore: Scan a Software Repository
  • ePO Server Prerequisite Software
  • Supported SQL Server Releases
  • Default Communication Ports
  • Default Ports
  • Determining Ports in Use
  • Deployment Scenario: Basic Plan
  • Solution A: One ePO Server
  • Solution B: Two ePO Servers
  • Solution C: ePO server with Agent Handlers
  • Deployment Scenario: Disk Configuration
  • Solution: Less than 5,000 Nodes
  • Solution: 5,000 to 25,000 Nodes
  • Deployment Scenario: Disk Configuration
  • Solution: 25,000 to 75,000 Nodes
  • Solution: More than 75,000 Nodes
  • How Products and Events Affect Calculations
  • Example: Calculating Averages
  • Calculating Your Environment
  • Security Evolution
  • Security Connected
  • Breadth and Depth for Security
  • ePO Solution Overview
  • How ePO Works
  • Essential Features
  • ePO Web Interface
  • Menu Page
  • Agent Components
  • Agent-Server Secure Communication Keys
  • Communication after Agent Installation
  • Typical Agent-to-Server Communication
  • McAfee Agent-to-Product Communication
  • Forcing Agent Activity from Server
  • Wake-up Calls and Wake-up Tasks
  • Configuring Agent Wake-up
  • Locating Agent Node Using DNS
  • Forcing McAfee Agent Activity from Client
  • Viewing McAfee Agent Log
  • ePO 4.x/McAfee Agent 4.x Feature Dependencies
  • Agent Files and Directories
  • McAfee Agent Log Files
  • Using Log Files
  • Installation Folders
  • Extensions in ePO
  • Extensions Menu
  • Integration of AC/CC Extension
  • ePO Database Sizing
  • Installation of Extension
  • Solidcore Licensing
  • What is Solidcore?
  • Install Workflow Review
  • Installing Licenses
  • Solidcore Database Tables
  • The agent plug-in and how it works
  • Types of Platforms Protected
  • Supported Systems
  • Check-in Agent Plug-in Package into ePO
  • Deploying the Solidcore Agent Plugin
  • Verifying Installation from the Endpoint
  • Solidcore Client Tasks
  • Enable Solidcore Agent Task
  • Disable Solidcore Agent Task
  • Initial Scan to Create Whitelist
  • Pull Inventory
  • Begin Update Mode
  • End Update Mode
  • Change Local CLI Access
  • Collect Debug Info
  • Run Commands
  • Get Diagnostics for Programs
  • Features for the Client
  • Client Notifications and Events
  • Client Events and Approvals
  • Customizing Client Notifications
  • What are Observations?
  • Observe Mode
  • Manage requests
  • Review requests
  • Process requests
  • Allow by a checksum on all endpoints
  • Allow by publisher on all endpoints
  • The ban by a checksum on all endpoints
  • Define custom rules for specific endpoints
  • Allow by adding to whitelist for specific endpoints
  • Define bypass rules for all endpoints
  • Delete requests
  • Review created rules
  • Throttle observations
  • Define the threshold value
  • Review filter rules
  • Manage accumulated requests
  • Exit Observe mode
  • Inventory Introduction
  • Fetch Inventory
  • GTI Integration
  • Trust level and score
  • Cloud Trust Score
  • Inventory Without Access to GTI
  • Fetch McAfee GTI ratings for isolated networks
  • Export SHA1s of all binaries
  • Run the Offline GTI tool
  • Fetch Inventory – Bad File Found Event
  • Manage the inventory
  • Manage Binaries
  • Application Control Policies
  • Role of the Policy
  • Application Control Configuration
  • Managing Rule Groups
  • Creating an Application Control Rule Group
  • Updater Tab
  • Trusted Users
  • Using a Rule Group to Block an Application
  • What is Update Mode?
  • How to Update a Solidified System
  • Auto-Updaters
  • Authorized Updaters
  • Determining Updaters
  • Understanding Publishers
  • Understanding Installers
  • Scan a Software Repository
  • Revisit – Solidcore Permission Sets
  • Reboot Free Activation
  • Inventory Management Enhancements
  • Inventory Management – Pull Inventory
  • Inventory By Application
  • Inventory By Systems
  • Inventory Application Drill-down
  • Inventory Binary Drill-down
  • Modifying Enterprise Trust Level
  • Understanding Events
  • What Creates an Event
  • When Are Events Sent Back?
  • Viewing Events
  • Advanced Filters
  • Selecting Columns to Display
  • Viewing the Details of an Event
  • Solidcore Events
  • Example of Solidcore Events
  • Application Control Events
  • Planning Automatic Responses
  • Throttling, Aggregation, and Grouping
  • Understanding Alerts
  • Configuring a Solidcore Alert
  • Viewing an Alert
  • Support of SNMP Alerts
  • Customizing End-User Notifications
  • Syslog Enhancements
  • Application Control & Change Control
  • Change Control & Integrity Monitoring
  • Disable Solidcore
  • Enable Solidcore on the Endpoint
  • Verifying Client Task Completion
  • Integrity Monitoring Policies
  • Using Integrity Monitor
  • Creating an Integrity Monitor policy
  • Integrity Monitoring Policies
  • Testing your Monitoring
  • Reducing “Noise”
  • Example of Reducing “Noise”
  • Change Control Policies
  • Variables for Use in Policies
  • Example of Variables in a Rule Group
  • Write Protect a File, Trusted Program can Alter
  • Write Protect a Registry Key, Program can Alter
  • Write Protect a File, Trusted User can Alter
  • Verifying only Trusted User can Alter
  • Read Protection must be Enabled
  • Read Protect a File, Trusted Program can Access
  • Emergency Changes
  • Content Change Tracking
  • One-Click Exclusion (Advanced Exclusion Filtering)
  • One-Click Exclusion Configuration
  • ePO Dashboards
  • Queries As Dashboard Monitors
  • Dashboard Access
  • Dashboard Configuration
  • Solidcore Dashboards
  • Application Control Dashboard
  • Change Control Dashboard
  • Integrity Monitor Dashboard
  • Inventory Dashboard
  • Solidcore Queries
  • Reporting > Solidcore
  • Application Control > Inventory
  • Application Control > Image Deviation
  • Automation > Solidcore Client Task Log
  • Creating a Customized Dashboard
  • Making a Dashboard Public
  • Set the Default Dashboard
  • Solidcore Architecture and Components
  • Solidcore 6.1.3 Architecture
  • Troubleshooting References
  • Location of Solidcore Files on Endpoint
  • ePolicy Orchestrator Application Server Service Logs
  • Solidcore Registry Keys on Endpoint
  • Solidcore Services
  • Troubleshooting Best Practice
  • Escalation Best Practices
  • Troubleshooting GTI Cloud Issues Best Practice
  • Top Issues – Task Failure
  • Top Issues – Denied Execution Issues
  • Top Issues – Denied Execution of a Network Share
  • Top Issues – Network Share
  • Top Issues – KB
  • Useful Tools
  • Solidcore Event Logs
  • Solidcore User Notifications
  • Solidcore Troubleshooting Tools
  • Escalation Tools
  • Minimum Escalation Requirements (MER)
  • Running MER Tool on Client
  • Dump Tools
  • A Case from History
  • Unpatched, Known Vulnerabilities in the Client
  • Browser-based Exploits
  • The Remedy
  • Application Whitelisting
  • Increasing Compliance Requirements
  • Remedy
  • File Monitoring
  • Complete the Task
  • Solidcore CLI
  • Viewing the CLI Access
  • Enabling the CLI
  • Unlocking the CLI Locally
  • Securing the CLI
  • Using the CLI
  • SADMIN Commands
  • Solidifying from the CLI
  • Unsolidifying
  • What is Solidcore’s Status?
  • Beginning the Update Status
  • Ending the Update Status
  • Enabling and Disabling Solidifier
  • SADMIN Commands
  • Advanced SADMIN Commands
  • Solidcore Commands
  • New CLI Commands
  • Application Control Rules & Helpful Commands
  • Read/Write Protect Files
  • Change Control Commands – Write Protection
  • How To Write Protect a File
  • Modifying a Read/Write Protected Files
  • Change Control Features – Write Protection
  • Application Control
  • Authorize Command Arguments
  • Discovering and Adding Updaters
  • SADMIN Diag Notations
  • Discovering and Adding Updaters
  • Using Attributes to Control File Execution
  • Using Attributes to Control File Execution
  • Viewing Solidcore Events
  • Event Sinks
  • Logging Events
  • Event Names and Log Entries
  • Product Tools
  • Review of Initial Setup Tasks
  • Systems Tree Infrastructure
  • Communication between ePO and Agent
  • Activation Options: Application Control Only
  • Inventory Collection Scan
  • Protection State Selection
  • Protection State Delivery
  • Testing Protection mechanisms
  • Policies and Rule Groups
  • Policy Tuning
  • Bypass Rules and Exclusions
  • Inventory and Whitelist
  • Updaters
  • Application Control Memory Protection
  • Basic Troubleshooting and FAQs
  • Solving Memory Discrepancies
  • Helpful Resources
Live Online Training (Duration : 32 Hours) Fee On Request
Group Training
04 Jul - 07 Jul 09:00 AM - 05:00 PM CST
(8 Hours/Day)
01 Aug - 04 Aug 09:00 AM - 05:00 PM CST
(8 Hours/Day)
1-on-1 Public We Offer :
  • 1-on-1 Public - Select your own start date. Other students can be merged.
  • 1-on-1 Private - Select your own start date. You will be the only student in the class.
4 Hours
8 Hours
Week Days
Weekend

Start Time : At any time

12 AM
12 PM

1-On-1 Training is Guaranteed to Run (GTR)
Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
On Request
Physical Classroom Training with 4 hours /8 hours option is available. Enquire Now!
Ultra-Fast Track

If you can't spare 32 hours. We can offer you an Ultra-Fast Track for 16 hours

Course Prerequisites
  • It is recommended that the students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of viruses and anti-virus technologies.

 

Request More Information

Add Name and Email Address of participant (If different from you)

FAQ's


Yes, fee excludes local taxes.
Yes, we do.
The Fee includes:
  • Courseware
Yes, Koenig Solutions is a Open Source Learning Partner
Schedule for Group Training is decided by Koenig. Schedule for 1-on-1 is decided by you.
In 1-on-1 you can select your own schedule, other students can be merged but you select the schedule. Choose 1-on-1 if published schedule do not meet your requirement. If you also want a private session, opt for 1-on-1 Public.
Yes.
No, it is not included.
In both, you choose the schedule. In public, other participants can join, Private other participants want to join.
Yes, the site is secure by utilizing Secure Sockets Layer (SSL) Technology. SSL technology enables the encryption of sensitive information during online transactions. We use the highest assurance SSL/TLS certificate, which ensures that no unauthorized person can get to your sensitive payment data over the web.
We use the best standards in Internet security. Any data retained is not shared with third parties.
You can request a refund if you do not wish to enroll in the course.
To receive an acknowledgment of your online payment, you should have a valid email address. At the point when you enter your name, Visa, and other data, you have the option of entering your email address. Would it be a good idea for you to decide to enter your email address, confirmation of your payment will be emailed to you.
After you submit your payment, you will land on the payment confirmation screen. It contains your payment confirmation message. You will likewise get a confirmation email after your transaction is submitted.
We do accept all major credit cards from Visa, Mastercard, American Express, and Discover.
Credit card transactions normally take 48 hours to settle. Approval is given right away; however, it takes 48 hours for the money to be moved.
Yes, we do accept partial payments, you may use one payment method for part of the transaction and another payment method for other parts of the transaction.
Yes, if we have an office in your city.
Yes, we do offer corporate training More details
Yes, we do.
Yes, we also offer weekend classes.
Yes, Koenig follows a BYOL(Bring Your Own Laptop) policy.
It is recommended but not mandatory. Being acquainted with the basic course material will enable you and the trainer to move at a desired pace during classes. You can access courseware for most vendors.
Yes, this is our official email address which we use if a recipient is not able to receive emails from our @koenig-solutions.com email address.
Buy-Now. Pay-Later option is available using credit card in USA and India only.
You will receive the digital certificate post training completion via learning enhancement tool after registration.
Yes you can.
Yes, we do. For details go to flexi
You can pay through debit/credit card or bank wire transfer.
Dubai, Goa, Delhi, Bangalore.
Yes you can request your customer experience manager for the same.
Yes of course. 100% refund if training not upto your satisfaction.

Prices & Payments

Yes of course.
Yes, We are

Travel and Visa

Yes we do after your registration for course.

Food and Beverages

Yes.

Others

Says our CEO-
“It is an interesting story and dates back half a century. My father started a manufacturing business in India in the 1960's for import substitute electromechanical components such as microswitches. German and Japanese goods were held in high esteem so he named his company Essen Deinki (Essen is a well known industrial town in Germany and Deinki is Japanese for electric company). His products were very good quality and the fact that they sounded German and Japanese also helped. He did quite well. In 1970s he branched out into electronic products and again looked for a German name. This time he chose Koenig, and Koenig Electronics was born. In 1990s after graduating from college I was looking for a name for my company and Koenig Solutions sounded just right. Initially we had marketed under the brand of Digital Equipment Corporation but DEC went out of business and we switched to the Koenig name. Koenig is difficult to pronounce and marketeers said it is not a good choice for a B2C brand. But it has proven lucky for us.” – Says Rohit Aggarwal (Founder and CEO - Koenig Solutions)
All our trainers are fluent in English . Majority of our customers are from outside India and our trainers speak in a neutral accent which is easily understandable by students from all nationalities. Our money back guarantee also stands for accent of the trainer.
Medical services in India are at par with the world and are a fraction of costs in Europe and USA. A number of our students have scheduled cosmetic, dental and ocular procedures during their stay in India. We can provide advice about this, on request.
Yes, if you send 4 participants, we can offer an exclusive training for them which can be started from Any Date™ suitable for you.