【英文文档】Solidifier for Windows Installation Guide

Page 1
Solidifier for Windows
Installation Guide
Page 2
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
End User License Agreement
BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, OR USING THIS SOFTWARE YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU
ARE ACCEPTING THESE TERMS ON BEHALF OF ANOTHER PERSON OR A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT
THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON, COMPANY, OR LEGAL ENTITY TO THESE TERMS. IF YOU DO NOT AGREE TO THESE
TERMS;
•
DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, OR USE THE SOFTWARE; AND
•
PROMPTLY RETURN THE SOFTWARE AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM YOU ACQUIRED THEM
1. Definition
a) “Authorized Partner” means any of McAfee’s
distributors, resellers or other business partners.
b) “Grant Letter” means a confirmation notice letter
issued electronically by McAfee to you confirming
Software and Support purchased by you including
the applicable product entitlement, as defined in
the Product Entitlement Definitions (further
described at Section 3(a) below) and also contains
download details.
c) “Documentation” means explanatory materials in
printed, electronic, or online form accompanying
the Software in English and other languages if
available.
d) “McAfee” means (a) McAfee, Inc., a Delaware
corporation, with offices located at 3965 Freedom
Circle, Santa Clara, California 95054, USA if the
Software is purchased in the United States,
Mexico, Central America, South America, or the
Caribbean; (b) McAfee Ireland Limited, with
offices located at McAfee Ireland Ltd, Building
2000, City Gate, Mahon, Cork, Ireland, if the
Software is purchased in Canada, Europe, the
Middle East, Africa, Asia (other than Japan), or
Oceania ; and (c) McAfee Co., Ltd. with offices
located at Shibuya Mark City West Building 12-1,
Dogenzaka 1-Chome, Shibuya-ku, Tokyo 150-
0043, Japan if the Software is purchased in Japan.
e) “Node” means any kind of device capable of
processing data and includes any of the following
types of computer devices: diskless workstations,
personal computer workstations, networked
computer workstations, homeworker/teleworker
home-based systems, file and print servers, email
servers, Internet gateway devices, storage area
network servers (SANS), terminal servers, or
portable workstations connected or connecting to
the server(s) or network.
f) “Software” means each McAfee software program in
object code format licensed by McAfee and
purchased from McAfee or its Authorized
Partners, including Upgrades.
g) “Subsidiary” refers to any entity controlled by you
through greater than fifty percent (50%) ownership
of the voting securities.
h) “Support” or “Technical Support” means the support
services offered by McAfee for the support and
maintenance of the Software and McAfee brand
hardware further specified in the McAfee
Technical Support and Maintenance Terms.
i) “Updates” are related to content and include without
limitation all DATs, signature sets, policy updates,
database updates for the Software which are made
generally available to McAfee’s customer base as
a part of purchased Support and which are not
separately priced or marketed by McAfee.
j) “Upgrade” means any and all improvements in the
Software which are made generally available to
McAfee’s customer base as a part of purchased
Support and which are not separately priced or
marketed by McAfee.
2. License Grant. Subject to the terms and conditions of
this Agreement, McAfee hereby grants to you a
non-exclusive, non-transferable right to use the
Software (for the purpose of this Agreement, use
of the Software means to access, install, download,
copy or otherwise benefit from using the
Software) listed in the Grant Letter solely for your
own internal business operations. You
acknowledge that the Software and all related
information are proprietary to McAfee and its
suppliers. You are not granted rights to Updates
and Upgrades unless you have purchased Support
or a service subscription.
3. Copy and Use Terms
a)
Product entitlement. The use of the Software
depends on the licenses purchased (e.g. Nodes)
and is subject to the Product Entitlement
Definitions
set
forth
at
http://www.mcafee.com/us/local_content/legal/pro
duct_entitlement_definitions.pdf on the applicable
date of your Grant Letter.
b)
Multiple platforms/ Bundles. If the Software
supports multiple platforms or if you receive the
Software bundled with other software, the total
number of devices on which all versions of the
Software is installed may not exceed your product
entitlement.
c)
Term. The license is effective for a limited time
period (“Term”) in the event that such Term is set
forth in the Grant Letter, otherwise the licenses
shall be perpetual.
d)
Copies. You may copy the Software as reasonably
necessary for backup, archival or disaster recovery
purposes.
e)
Subsidiaries. You may permit use of the Software
in accordance with the terms of this Agreement by
a Subsidiary only for so long as such entity
remains your Subsidiary. You shall be responsible
and fully liable for each Subsidiary’s compliance
with or breach of the terms of this Agreement.
f)
Managing Party. If you enter into a contract with
a third party in which the third party manages your
information technology resources (“Managing
Party”), you may transfer all your rights to use the
Software to such Managing Party, provided that
(a) the Managing Party only uses the Software for
your internal operations and not for the benefit of
another third party or the Managing Party; (b) the
Managing Party agrees to comply with the terms
and conditions of this Agreement, and (c) you
provide McAfee with written notice that a
Managing Party will be Using the Software on
your behalf.
g)
General Restrictions. You may not, nor allow any
third party to: (i) decompile, disassemble, or
reverse engineer the Software, except to the extent
expressly permitted by applicable law, without
McAfee’s prior written consent; (ii) remove any
product identification or proprietary rights notices
of the Software or Documentation; (iii) lease, lend,
or use the Software for timesharing or service
bureau purposes; (iv) modify or create derivative
works of the Software, (v) except with McAfee’s
prior written permission, publish any performance
or benchmark tests or analysis relating to the
Software; or (vi) otherwise use or copy the
Software except as expressly provided herein.
4. Technical Support and Maintenance. The McAfee
Technical Support and Maintenance Terms apply if you
have purchased Support. The McAfee Technical Support
and Maintenance Terms are incorporated by reference and
can
be
found
at
http://www.mcafee.com/us/support/support_terms_n_con
ditions.html. After the support or service subscription
period specified in a Grant Letter has expired, you have
no further rights to receive any Support including
Upgrades, Updates, and telephone support.
5. Limited Warranty and Disclaimer.
a)
Limited Warranty. McAfee warrants that, for a
period of sixty (60) days from the purchase date
(“Warranty Period”), the Software licensed
hereunder (including Upgrades provided within
the Warranty Period for the remainder of the
Warranty Period) will perform substantially in
accordance with the Documentation.
b)
Exclusive Remedy. In case of any breach of the
above limited warranty, McAfee will (a) repair or
replace the Software or (b) if such repair or
replacement would in McAfee’s opinion be
commercially unreasonable, refund the price paid
by you for the applicable Software.
c)
Exclusion of Warranty. The above Limited
Warranty will not apply if: (i) the Software is not
used in accordance with this Agreement or the
Documentation; (ii) the Software or any part
thereof has been modified by any entity other than
McAfee; or (iii) a malfunction in the Software has
been caused by any equipment or software not
supplied by McAfee.
d)
Disclaimer. THE ABOVE WARRANTIES ARE
YOUR EXCLUSIVE WARRANTIES AND
REPLACE ALL OTHER WARRANTIES OR
CONDITIONS, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO
WARRANTIES OR CONDITIONS OF
MERCHANTABILITY,
SATISFACTORY
QUALITY, FITNESS FOR A PARTICULAR
PURPOSE,
TITLE
AND
NON-
INFRINGEMENT. EXCEPT FOR THE
LIMITED WARRANTY SET FORTH ABOVE,
THE SOFTWARE IS PROVIDED "AS IS" AND
MCAFEE MAKES NO WARRANTY OR
GUARANTEE AS TO ITS USE OR
PERFORMANCE AND DOES NOT WARRANT
OR GUARANTEE THAT THE OPERATION OF
THE SOFTWARE WILL BE FAIL SAFE,
UNINTERRUPTED OR FREE FROM ERRORS
OR DEFECTS OR THAT THE SOFTWARE
WILL PROTECT AGAINST ALL POSSIBLE
THREATS.
e)
Exceptions. Some states or jurisdictions do not
allow the exclusion of express or implied
warranties, so the above disclaimer may not apply
to you. IN THAT EVENT SUCH EXPRESS OR
IMPLIED WARRANTIES SHALL BE LIMITED
IN DURATION TO THE WARRANTY PERIOD
(OR THE MINIMUM PERIOD REQUIRED BY
THE APPLICABLE LAW).
6. Limitation of Remedies and Damages. UNDER NO
CIRCUMSTANCES AND UNDER NO LEGAL
THEORY, WHETHER IN TORT, CONTRACT OR
OTHERWISE, SHALL EITHER PARTY BE LIABLE
TO THE OTHER FOR ANY INDIRECT, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES,
DAMAGES FOR LOSS OF PROFITS, LOSS OF
GOODWILL, LOSS OF PERSONNEL SALARIES,
WORK STOPPAGE, AND/OR COMPUTER FAILURE
OR MALFUNCTION, AND/OR COSTS OF
PROCURING SUBSTITUTE SOFTWARE OR
SERVICES.
Regardless of whether the claim for such damages is
based in contract, tort and/or any other legal theory, in no
event shall either party’s aggregate liability to the other
party for direct damages exceed the lesser of:
a)
the amount of total fees paid or payable by you for
the Software giving rise to such claim during the
12 months immediately preceding the event giving
rise to such claim, or
b)
the applicable McAfee list price, at the date of the
purchase, for the Software giving rise to such
claim ordered by you during the 12 months
immediately preceding the event giving rise to
such claim, even if the other party has been
advised of the possibility of such damages.
No provision of this Agreement shall exclude or limit in
any way (i) the liability of either party for death or
personal injury caused by negligence, or (ii) your liability
for excess usage of, and/or any breach of McAfee’s
intellectual property rights in the Software.
THE LIMITATION OF LIABILITY IN THIS SECTION
IS BASED ON THE FACT THAT END USERS USE
THEIR COMPUTERS FOR DIFFERENT PURPOSES.
THEREFORE, ONLY YOU CAN IMPLEMENT BACK-
iii
Page 3
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
UP PLANS AND SAFEGUARDS APPROPRIATE TO
YOUR NEEDS IN THE EVENT AN ERROR IN THE
SOFTWARE CAUSES COMPUTER PROBLEMS AND
RELATED DATA LOSSES. FOR THESE BUSINESS
REASONS YOU AGREE TO THE LIMITATIONS OF
LIABILITY
IN
THIS
SECTION
AND
ACKNOWLEDGE
THAT
WITHOUT
YOUR
AGREEMENT TO THIS PROVISION, THE FEE
CHARGED FOR THIS SOFTWARE WOULD BE
HIGHER.
7. Intellectual Property Indemnity.
a)
Third party claims. McAfee shall defend and hold
you harmless from any claim by a third party that
the Software infringes any patent, copyright or
trade secret of that third party, provided: (i)
McAfee is notified promptly, and in any event no
later than within 14 days upon your receipt of
notice of the claim; (ii) McAfee receives
reasonable cooperation from you necessary to
perform McAfee’s obligations hereunder; and (iii)
McAfee has sole control over the defense and all
negotiations for a settlement or compromise of the
claim. The foregoing obligation of McAfee does
not apply with respect to Software or portions or
components thereof: (i) not supplied by McAfee;
(ii) used in a manner not expressly authorized by
this Agreement or the relevant Documentation (iii)
made in accordance with your specifications; (iv)
modified by anyone other than McAfee, if the
alleged infringement relates to such modification;
(v) combined with other products, processes or
materials where the alleged infringement would
not exist but for such combination; or (vi) where
you continue the allegedly infringing activity after
being notified thereof and provided with
modifications that would have avoided the alleged
infringement.
b)
Remedy and Liability. In the event the Software is
held by a court of competent jurisdiction to
constitute an infringement or use of the Software
is enjoined, McAfee shall, at its sole option, do
one of the following: (i) procure for you the right
to continue use of the Software; (ii) provide a
modification to the Software so that its use
becomes non-infringing; (iii) replace the Software
with software which is substantially similar in
functionality and performance; or (iv) if none of
the foregoing alternatives is reasonably available
to McAfee, McAfee shall refund the residual value
of the purchase price paid by you for the
infringing Software, depreciated using a straight
line method of depreciation over a three (3) year
period from the date of delivery of the Software to
you. This Section 7 states McAfee’s sole liability
and your exclusive remedy for intellectual
property infringement claims.
8. Termination. Without prejudice to your payment
obligations, you may terminate your license at any time
by de-installing the Software. McAfee may terminate
your license in the event you materially breach the terms
of this Agreement and you fail to cure such breach within
thirty (30) days of receiving notice of such breach. Upon
such termination you shall promptly return or destroy all
copies of the Software and Documentation.
9. Additional Terms.
a)
Evaluation Software. If the Software has been
identified as “Evaluation Software”, then the
provisions of this section apply and shall
supersede any other conflicting term of this
agreement. Your royalty free, non-transferable,
limited license to use the Evaluation Software, for
evaluation purposes only, is limited to thirty (30)
days unless otherwise agreed to in writing by
McAfee. The Evaluation Software may contain
errors or other problems that could cause system
or other failures and data loss. Consequently,
Evaluation Software is provided to you "AS-IS",
and McAfee disclaims any warranty or liability
obligations to you of any kind. Any information
about the Evaluation Software gathered from its
use shall be used solely for evaluation purposes
only and shall not be provided to any third parties.
The restrictions described in Section 3 g) apply. If
you fail to destroy the Evaluation Software after
the evaluation period has expired, McAfee may, at
its discretion, invoice you in an amount equal to
the McAfee List Price for the Evaluation Software
and you shall pay such invoice upon receipt.
WHERE LEGAL LIABILITY CANNOT BE
EXCLUDED, BUT MAY BE LIMITED,
MCAFEE’S LIABILITY AND THAT OF ITS
SUPPLIERS AND AUTHORIZED PARTNERS
SHALL BE LIMITED TO THE SUM OF FIFTY
(50) DOLLARS OR THE EQUIVALENT IN
LOCAL CURRENCY IN TOTAL.
b)
Beta Software. If the Software you have received
has been identified “Beta” Software, then the
provisions of Section 9 a above shall apply
accordingly. McAfee has no obligation to you to
further develop or publicly release the Beta
Software. If requested by McAfee, you will
provide feedback to McAfee regarding testing and
use of the Beta Software, including error or bug
reports. You agree to grant McAfee a perpetual,
non-exclusive, royalty-free, worldwide license to
use, copy, distribute, make derivative works and
incorporate the feedback into any McAfee product
at McAfee’s sole discretion. Upon receipt of a
later unreleased version of the Beta Software or
release by McAfee of a publicly released
commercial version of the Beta Software you
agree to return or destroy all earlier Beta Software
received from McAfee
c)
“Free“ or “Open Source” Software. The product
may include programs or code that are licensed
under an Open Source Software (“OSS”) license
model. OSS programs and code are subject to the
terms, conditions and obligations of the applicable
OSS license, and are SPECIFICALLY
EXCLUDED FROM ALL WARRANTY AND
SUPPORT
OBLIGATIONS
DESCRIBED
ELSEWHERE IN THIS AGREEMENT.
10. Notice to United States Government End Users.
The Software and accompanying Documentation are
deemed to be "commercial computer software" and
"commercial computer software documentation,"
respectively, pursuant to DFAR Section 227.7202 and
FAR Section 12.212, as applicable. Any use,
modification, reproduction, release, performance, display
or disclosure of the Software and accompanying
Documentation by the United States Government shall be
governed solely by the terms of this Agreement and shall
be prohibited except to the extent expressly permitted by
the terms of this Agreement.
11. Privacy.
a)
By entering into this Agreement, you agree that
McAfee may collect, retain and use personally
identifiable data, including your name, address, e-
mail address and payment details. Your personal
information will be used primarily to provide
services and product functionality to you either by
McAfee or its contractors or business partners.
McAfee may also use your personal information
for additional communication with you subject to
applicable laws. By entering into this Agreement,
you agree to the transfer of your personal
information to McAfee offices worldwide for the
purposes stated above. For more detailed
information on the collection, use and transfer of
your personal information, please read the McAfee
privacy policy on the McAfee web site
(www.McAfee.com).
b)
You acknowledge and agree that the Software may
contain functionality to detect and report threats
and vulnerabilities on your computer network.
Such functionality may automatically collect
information about your system (including without
limitation information regarding network, licenses
used, operating system types, versions, total
scanners deployed, database size etc) and submit
such consolidated information to McAfee.
12. Audit. McAfee may, at its expense, upon reasonable
prior written notice to you and during standard business
hours, audit you with respect to your compliance with the
terms of this Agreement no more than once per year. You
understand and acknowledge that McAfee utilizes a
number of methods to verify and support software use by
its customers. These methods may include technological
features of the Software that prevent unauthorized use and
provide Software deployment verification. Upon
reasonable request, you will provide a system generated
report verifying your Software deployment, such request
to occur no more than two (2) times per year. McAfee
will not unreasonably interfere with the conduct of your
business.
13. Export Controls. You acknowledge that the
Software is subject to U.S. and when applicable,
European Union export regulations. You shall comply
with applicable export and import laws and regulations for
the jurisdiction in which the Software will be imported
and/or exported. You shall not export the Software to any
individual, entity or country prohibited by applicable law
or regulation. You are responsible, at your own expense,
for any local government permits, licenses or approvals
required for importing and/or exporting the Software. For
additional information regarding exporting and importing
the
Software,
see
http://mcafee.com/us/about/export_compliance/index.html
. McAfee reserves the right to update this website from
time to time at its sole discretion.
14. Governing Law. This Agreement will be governed
by and construed in accordance with the substantive laws
in force: (a) in the State of New York, if you purchased
the Software in the United States, Mexico, Central
America, South America, or the Caribbean; (b) in the
Republic of Ireland, if you purchased the Software in
Canada, Europe, Middle East, Africa, Asia (other than
Japan), or the region commonly referred to as Oceania;
and (c) in Japan if you purchased the Software in Japan.
If you purchased the Software in any other country, then
the substantive laws of the Republic of Ireland shall
apply, unless another local law is required to be applied.
This Agreement will not be governed by the conflict of
laws rules of any jurisdiction or the United Nations
Convention on Contracts for the International Sale of
Goods, the application of which is expressly excluded.
The Uniform Computer Information Transactions Act as
enacted shall not apply, The United States District Court
for the Southern District of New York, when New York
law applies, the courts of the Republic of Ireland, when
the law of Ireland applies, the courts of Japan when
Japanese law applies, shall each have non-exclusive
jurisdiction over all disputes relating to this Agreement.
15. Miscellaneous.
a)
Except for actions for nonpayment or breach of
McAfee’s proprietary rights in the Software and
Documentation, no action, regardless of form,
arising out of this Agreement may be brought by
either party more than 2 years after a party knew
or should have known of the claim.
b)
Any terms of this Agreement which by their nature
should survive the termination of this Agreement
shall survive such termination.
c)
This Agreement, including all documents
incorporated by reference, represents the entire
agreement between the parties, and expressly
supersedes and cancels any other communication,
representation or advertising whether oral or
written, on the subjects herein. If you issue an
order to an Authorized Partner or to McAfee and
the terms and conditions of the order conflict with
the terms and conditions of a) this Agreement or
b) of the Grant Letter, then the terms and
conditions specified in this Agreement and in the
Grant Letter shall control. This Agreement may
not be modified except by a written addendum
issued by a duly authorized representative of
McAfee. No provision hereof shall be deemed
waived unless such waiver shall be in writing and
signed by McAfee. If any provision of this
Agreement is held invalid, the remainder of this
Agreement shall continue in full force and effect.
d)
All notices, requests, demands, and determinations
for McAfee under this Agreement (other than
routine operational communications) shall be sent
to: the applicable entity address on the first page
of this Agreement addressed to “Attention: Legal
Department”.
McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA
Document Version: 3.0
Product Version: Windows 5.1.0-
6824
Publication Date: September 2010
iii
Page 4
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Table of Contents
PREFACE ..................................................................................................................................................... 2
ABOUT THIS GUIDE..................................................................................................................................... 2
AUDIENCE................................................................................................................................................... 2
DOCUMENT ORGANIZATION ....................................................................................................................... 2
DOCUMENT CONVENTIONS ......................................................................................................................... 2
CONTACTING SUPPORT ............................................................................................................................... 3
ABOUT MCAFEE® SOLIDIFIER ............................................................................................................ 4
INSTALLATION OPERATIONS .............................................................................................................. 5
OVERVIEW.................................................................................................................................................. 5
SYSTEM REQUIREMENTS............................................................................................................................. 5
INSTALLING SOLIDIFIER.............................................................................................................................. 5
Before You Start..................................................................................................................................... 5
Solidifier Installers ................................................................................................................................ 6
Install Solidifier (Interactive installation) ............................................................................................. 7
Install Solidifier (Non-Interactive or Silent Installation)..................................................................... 14
Verifying Installation ........................................................................................................................... 16
SLD BASED INSTALLATION ...................................................................................................................... 16
UNINSTALLING SOLIDIFIER....................................................................................................................... 17
Before You Start................................................................................................................................... 17
Uninstall Solidifier (Interactive Uninstallation).................................................................................. 17
Uninstall Solidifier (Non-Interactive or Silent Uninstallation) ........................................................... 17
Verifying Uninstallation ...................................................................................................................... 18
UPGRADING SOLIDIFIER............................................................................................................................ 18
Before you start ................................................................................................................................... 18
Upgrade Solidifier (Interactive Upgrade) ........................................................................................... 18
Upgrade Solidifier (Non-interactive or Silent Upgrade)..................................................................... 19
ADVANCED SOLIDIFIER CONFIGURATION ................................................................................... 21
CLUSTER SERVER SUPPORT FOR SOLIDIFIERS........................................................................................... 21
Cluster Server setup requirements ....................................................................................................... 21
Cluster Server setup configuration ...................................................................................................... 21
Solidifier integration with clustering................................................................................................... 22
APPENDIX: TROUBLESHOOTING ...................................................................................................... 23
1
Page 5
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Preface
About this Guide
The McAfee® Solidifier for Windows Installation Guide provides step-by-step instructions for
installing the Solidifier on the Windows platforms.
See the McAfee® Solidifier for Windows NT Installation Guide for details of installing the
Solidifier on the Windows NT4 system.
Audience
The intended audience for this guide is the System Administrator who will be responsible for
installing McAfee® Solidifier in an Enterprise. The System Administrator is assumed to be
familiar with the IT operations on systems. Advanced knowledge of any specific operating
system or application is not required.
Document Organization
This document is organized as follows:
• Chapter “About McAfee® Solidifier” provides an overview about Solidifier.
• Chapter “Installation Operations” describes system requirements, steps to install, uninstall,
and upgrade Solidifier.
• Chapter “Advanced Solidifier Configuration” describes about the Microsoft Cluster Server
Support added to Solidifier.
• “Appendix: Troubleshooting” provides installation based trouble-shooting tips based on the
errors seen or reported.
Document Conventions
The following conventions distinguish different types of text:
• Commands and keywords are in boldface.
• In interactive examples, user input is in boldface.
• CLI command syntax is preceded by the prompt “S3>”.
• In command syntax statements
o Parameters (variables for which a specific value is to be typed) are in italics.
o Optional arguments are in [square braces].
o Alternative arguments are separated by vertical bars, and are grouped within {curly
braces}.
• Names of keys on the keyboard are in square braces, such as the [Tab] key.
2
Page 6
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
• A control key is indicated by a caret preceding a letter: ^A means Control-A.
Note: Means reader should take a note. Notes contain helpful suggestions or references to
material not covered in the guide.
Contacting Support
• World Wide Web: https://mysupport.mcafee.com/
• Phone: +1(408)988-3832
• Product Updates: https://secure.nai.com/apps/downloads/my_products/login.asp
3
Page 7
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
About McAfee® Solidifier
The McAfee® Solidifier’s Change Control module for Windows provides a real-time change
monitoring and auditing of changes to software code and configuration on servers. It monitors
and reports changes to files, directories, processes and the Windows registry for specific changes
within them.
It can also enforce change policy by permitting changes to files, directories and the Windows
registry only when an update window is explicitly opened and prevent all write/update actions at
all other times.
The McAfee® Solidifier’s Runtime Control module for Windows solves the problem of rising
operational costs of security. It employs Solidification™: a fundamentally new, persistent and
deterministic approach that gives security via control, but with low operating costs. Its genesis is
in the best practices that IT departments have followed for years. Operations administrators want
to ensure that their systems are in a known and verified state. Solidification ensures this by
guaranteeing that only authorized code can run; hence their systems in production are running
only the code authorized by them.
The Solidifier usually works in close conjunction with McAfee® System Controller. The
Solidifier is deployed on nodes running mission critical applications, whereas, the System
Controller is deployed centrally. The Solidifiers communicate with the System Controller using
the Secure Socket Layer (SSL) protocol for transmitting all events issued by the Solidifiers.
The Solidifier works in three modes:
• Disabled mode: After installation, the default mode of the Solidifier is Disabled. You need to
change the Solidifier mode to Enabled for getting it operational.
• Enabled mode: The Enabled mode is the operational mode of the Solidifier. The Solidifier is
fully functional in this mode.
• Update mode: The Update Mode permits updates to a system and allows all update actions
including addition, removal or modification of software on the system. It tracks every update
action (change) and allows software maintenance.
4
Page 8
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Installation Operations
Overview
This chapter describes the installation of McAfee® Solidifier on a Windows system. It also
makes you aware of the steps to be followed for uninstalling and upgrading the product.
This chapter covers the following topics:
• “System Requirements”
• “Installing Solidifier”
• “SLD Based Installation”
• “Uninstalling Solidifier”
• “Upgrading Solidifier”
System Requirements
Please refer McAfee® Solidifier for Windows Release Notes for system requirements.
Installing Solidifier
You are required to read the following information before installing the Solidifier to understand
the installation process and considerations in a better way.
Before You Start
Download the McAfee Solidifier for Windows Installer from Solidifier Support website and
perform the following pre-installation tasks:
• Ensure that you have administrative privileges to install the product and you logon to the
system with these privileges only.
• The system meets the requirements listed in “System Requirements” section of this
document.
• Verify that the system does not have an existing Solidifier installation. Installation may fail, if
another instance of the Solidifier is already installed and is in Enabled mode.
• Solidifier should not be installed in the <SYSTEM_VOLUME>\Solidcore directory or its sub-
directories.
• Solidifier should be installed only on supported file systems. Refer “System Requirements”
for more details.
• Solidifier must not be installed on a non-system drive.
• Review release notes for the latest information about this release.
• Keep the serial key handy before starting installation.
5
Page 9
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
• Some Anti-virus programs like Norton Internet Security 2006 can block the execution of
Solidifier files leading to issues like configuration not being set properly. In order to avoid
this problem, you can either disable these Anti-virus programs before installing Solidifier or
ensure that these programs allow Solidifier files to run.
• (All except Windows 2000) If you have other file-security programs (antivirus programs or
file-encryption programs) installed and running on your machine, please create a registry key
named DfsIrpStackSize under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\Parameters and set its
decimal value to 10. If this registry key already exists, please ensure that its decimal value is
set to 10.
Solidifier Installers
Different installers are available based on the target architecture and OS distributions. Each
installer is named as setup-win-<os>-<arch>-<rel>.<build>.exe where <arch> is x86 for 32-bit
architecture, ia64 for Intel 64-bit architecture, and amd64 for AMD 64-bit architecture and are
applicable for different OSs as follows:
<os>
<arch> Applicable for…
2000
x86
Windows Server 2000 (32-bit)
x86
Windows Server 2003 (32-bit)
2003
ia64
Windows Server 2003 (Intel 64-bit)
NT41
x86
Windows NT (32-bit)
x86
Windows Vista (32-bit)
Windows Server 2008 (32-bit)
vista-2008
amd64
Windows Vista (AMD 64-bit)
Windows Server 2008 (AMD 64-bit)
Windows 2008 Server Core (AMD 64-bit)
xp
x86
Windows XP (32-bit)
Windows XPE (32-bit)
Windows Embedded Point of Service (WEPOS)
(32-bit)
Windows Embedded Standard 2009 (32-bit)
1 For installation on Windows NT, please refer McAfee® Solidifier for Windows NT Installation Guide.
6
Page 10
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
<os>
<arch> Applicable for…
Windows Embedded POSReady 2009 (32-bit)
xp-2003
amd64
Windows XP (AMD 64-bit)
Windows Server 2003 (AMD 64-bit)
Release number <rel> and Build number <build> are indicated in McAfee® Solidifier for
Windows Release Notes.
For instance, you should download and install setup-win-2003-x86-<rel>.<build>.exe on
Windows Server 2003 (32-bit). Similarly, you should download and install setup-win-2003-ia64-
<rel>.<build>.exe on Windows Server 2003 (Intel 64-bit) or setup-win-xp-2003-amd64-
<rel>.<build>.exe on Windows Server 2003 (AMD 64-bit).
Install Solidifier (Interactive installation)
The Solidifier installer launches an installation wizard that guides you through the steps required
to configure and install Solidifier on the computer. Follow on-screen instructions to proceed with
the installation. You can use < Back and Next > buttons to return to earlier screens and make
corrections as necessary. You can also use the Cancel button on any screen to interrupt the
installation procedure.
To install Solidifier in an interactive mode, perform the following steps:
1. Download the applicable McAfee Solidifier for Windows Installer from Solidifier Support
website on your hard disk. See “Solidifier Installers” for details of choosing the applicable
installer.
2. (Only on Windows Vista with UAC enabled), right-click on the installer file in Windows
Explorer and select Run as Administrator.
7
Page 11
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
3. Double-click on the Installer file in Windows Explorer to invoke the installation wizard.
The Preparing to Install screen appears:
8
Page 12
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
4. After the installation preparation is over, the Welcome screen appears:
Click Next > to continue.
9
Page 13
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
5. The License Agreement screen appears:
Click I accept the terms in the license agreement radio button to accept the terms of the
license agreement. Click Next > to continue.
10
Page 14
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
6. The Customer Information screen appears:
Provide the User Name, Organization name, and Serial Number. Click Next > to continue.
11
Page 15
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
7. The Destination Folder screen appears:
Configure as follows:
o By default, the installer installs Solidifier for Windows in the C:\Program
Files\McAfee\Solidcore folder. You can accept the default installation folder and
continue. To specify a different location, click Change... In the dialog box that appears,
you can specify a folder path name (up to 240 characters only) in case Solidifier is to be
installed at a location other than the default location.
o A Desktop Shortcut for McAfee Solidifier Command Line is created by default. Uncheck
Create Desktop Shortcut if you do not want the Installer to create this Desktop shortcut.
o You can choose to run a batch file (containing Solidifier commands) or an executable file
for performing post-installation customizations. The specified file gets launched
automatically after Solidifier has been successfully installed on the system. Click
Browse… button to select a batch file or an executable file.
Click Next > to continue.
12
Page 16
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
8. The Ready to Install the Program screen appears:
To review/change your settings, click < Back. Then, use the < Back and Next > buttons to
navigate between the Installer screens. Finally, click Install to begin the installation.
13
Page 17
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
9. After successful installation, the following screen appears informing that the installation is
complete.
Click Finish to exit the wizard.
McAfee Solidifier is now successfully installed.
Install Solidifier (Non-Interactive or Silent Installation)
Solidifier contains built-in support for non-interactive or silent installation. You can use the non-
interactive mode of installation if you do not want to display the Solidifier Installer progress bar
when it launches. Silent installation is recommended for use in medium to large scale
deployments. It can also be used for generating an installer configuration file that can be used for
installing Solidifier on several systems. Once the configuration file is set up, the silent installation
runs without your interaction. To perform silent installation, use the command line options
provided to suppress all interaction and provide parameters for all options. When you perform a
silent installation, no messages are displayed. Instead, a log file captures the installation
information, including whether the installation was successful. You can then review the log file
and determine the results of installation.
At default location
By default, the Solidifier is installed in the C:\Program Files\McAfee\Solidcore directory on the
target system. To install Solidifier in a non-interactive mode, perform the following steps:
14
Page 18
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
1. Download the applicable McAfee Solidifier for Windows Installer from Solidifier Support
website on your hard disk. See “Solidifier Installers” for details of choosing the applicable
installer.
2. Invoke the command prompt (Start > Programs > Accessories > Command Prompt). The
Command Prompt window appears.
3. Start silent installation using the following command:
<SSInstaller-file> /s /v" /qn "SERIALNUMBER=xxxx-xxxx-xxxx-xxxx-
xxxx" SHORTCUT=<n> POSTINSTALL=<complete_file_path> /l+*v
\"%SYSTEMROOT%\S3Setup.log""
Please note the following:
• There is a double quote (") after /v, and space between /s and /v.
• You can control the creation of the McAfee Solidifier desktop shortcut using the additional
argument SHORTCUT=n in the non-interactive installation command. To skip the creation of
the shortcut, assign 0 to the SHORTCUT argument. To create the shortcut, either do not provide
the SHORTCUT argument or assign it the value 1.
• For POSTINSTALL file input, file paths containing spaces must be specified enclosed in
double quotes ("), for example, POSTINSTALL=\"C:\\My Dir\\batch.exe\".
At User-specified location
You can install Solidifier in a location other than the default location as follows:
1. Download the applicable McAfee Solidifier for Windows Installer from Solidifier Support
website on your hard disk. See “Solidifier Installers” for details of choosing the applicable
installer.
2. Invoke the command prompt (Start > Programs > Accessories > Command Prompt). The
Command Prompt window appears.
3. Start silent installation using the following command:
<SSInstaller-file> /s /v" /qn "SERIALNUMBER=****-****-****-****-
****" SHORTCUT=<n> INSTALLDIR=\"C:\\My Dir\\Solidcore\\S3\"
POSTINSTALL=<complete_file_path> /l+*v \"%SYSTEMROOT%\S3Setup.log""
Please note the following:
• There is a double quote (") after /v, and space between /s and /v.
• You can control the creation of the McAfee Solidifier desktop shortcut using the additional
argument SHORTCUT=n in the non-interactive installation command. To skip the creation of
the shortcut, assign the SHORTCUT argument any value other than 1. To create the shortcut,
either do not provide the SHORTCUT argument or assign it the value 1.
• You can specify a folder path name of up to 240 characters only (total string length including
special characters) with the INSTALLDIR argument.
15
Page 19
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Verifying Installation
After a successful completion of the installation process:
1. An entry for McAfee > Solidifier is added to the Programs menu.
2. The McAfee Solidifier Command Line shortcut icon is created on the desktop.
3. A file named swin.sys is added to the following location:
%SystemRoot%\System32\Drivers
4. The McAfee Solidifier Service is added under Windows Services.
5. Solidifier-specific registry setting is created at the following location:
My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin
My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsrvc
6. Additional files are placed in the install directory. These files are internal to the Solidifier and
should not be modified.
7. The Solidifier installer creates a log file named S3Setup.log in %SYSTEMROOT%. You can
view the log file contents and see if any errors occurred during the installation process. If the
installation has not been successful, the errors can be captured by msi events in the Event Log
and also the Solidifier installation log file. Information related to the success or failure of
post-installation customization is also reported in S3Setup.log file.
SLD Based Installation
Solidifier can be installed as a package to an SLD-based OS Image. This section describes the
procedure to install Solidifier using Microsoft Embedded Studio and build SLD-based images.
You can import Solidcore.sld into the Component Database Manager already having Solidifier as
a component. Follow the steps given below to import the Solidifier’s Solidcore.sld:
1. Unzip the package named Solidcore_SLD.zip provided with the Solidifier for Windows
installer.
Note: While extracting Solidcore_SLD.zip, a folder, namely, Files is extracted along with
Solidcore.sld which should remain in the same directory in which Solidcore.sld is present.
2. Click at Start > Programs > Microsoft Windows Embedded Studio > Component Database
Manager. The Microsoft Component Database Manager window comes up on the screen.
3. Select the Import button. The Import SLD dialog box appears on the screen.
4. Open the Solidcore.sld file by clicking at the Browse (…) button.
5. Click at Import button. The Solidcore.sld file gets added to the database.
6. Close the Import SLD dialog box and the Component Database Manager window.
16
Page 20
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Uninstalling Solidifier
This section helps you to understand the steps to be followed to uninstall the product. Read the
following important points before you proceed with uninstallation.
Note: You cannot uninstall Solidifier from a restored OS image.
Before You Start
• Logon to the system with administrative privileges only.
• McAfee Solidifier command line prompt should not be open when you proceed with the
uninstallation process.
• Solidifier should be in Disabled state. If it is in Enabled state, then disable Solidifier using
the following command and then restart the system:
S3> sadmin disable
Note: You can issue the disable command from the System Controller also to disable the
Solidifier.
Uninstall Solidifier (Interactive Uninstallation)
To uninstall Solidifier in an interactive mode, click Start > Settings > Control Panel and then
double-click Add or Remove Programs. The Add or Remove Programs window is displayed.
Select McAfee Solidifier and then click Remove to uninstall Solidifier.
Alternatively, double-click on the Setup.exe file in the Windows Explorer and follow the dialogs
to uninstall the Solidifier.
Uninstall Solidifier (Non-Interactive or Silent Uninstallation)
To uninstall Solidifier in a non-interactive mode, perform the following steps:
1. Invoke the command prompt (Start > Programs > Accessories > Command Prompt). The
Command Prompt window displays on the screen.
2. Start silent uninstallation using the following command:
> %SYSTEMROOT%\system32\msiexec.exe /X{432DB9E4-6388-432F-9ADB-
61E8782F4593} /qn
Note: During silent uninstallation, the messages displayed on the screen should be ignored.
After successful completion of the uninstallation process, all entries as described in “Verifying
Installation” are removed except the following:
• The log file named S3Setup.log located in %SYSTEMROOT%.
• An empty Solidcore folder may be left in the installation folder (typically, the C:\Program
Files\McAfee folder)
17
Page 21
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
• The certificate folder if there is any public certificate present in this folder.
• Registry key HKLM\Software\Network Associates is left on the system, because some other
product might be using it.
Verifying Uninstallation
When the Solidifier is uninstalled, all related files are removed from the file system. The
uninstallation process reverses any configuration changes made during installation. It also
removes all directories, files and registry entries created during installation. No system files are
modified during installation or uninstallation.
Upgrading Solidifier
Before you start
Please note the following:
1. You can upgrade Solidifier at the current installed location only. Upgrade to an alternate path
is not supported.
2. During upgrade, Solidifier gets disconnected from System Controller. But after successful
upgrade, the host is automatically connected to System Controller and retains the same state
as it was before upgrade.
3. You can upgrade Solidifier when it is running in either Disabled mode or Update mode.
However, it is recommended that the upgrade should be performed in Update mode only.
(Only applicable for Runtime Control license) In Disabled mode, you must re-solidify the
machine using the sadmin solidify command.
4. Please note that the default monitoring rule list as seen in fresh installation will not be
imported on upgrade. All other filter, read-protect, and write-protect rules applied before
upgrade will remain intact. For more details on the default monitoring rule list, refer the
McAfee® Solidifier User’s Guide.
Upgrade Solidifier (Interactive Upgrade)
To upgrade Solidifier in an interactive mode, perform the following steps:
1. Log on to the system with administrative privileges.
2. Check Solidifier status using the following command:
S3> sadmin status
3. If Solidifier is in Enabled mode, change Solidifier to Update mode or Disabled mode using
one of the following commands:
S3> sadmin disable
18
Page 22
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Or
S3> sadmin begin-update
4. Run Solidifier Installer to install the latest version. See “Solidifier Installers” for selecting the
applicable Solidifier Installer.
5. If Solidifier was in Update mode when you started upgrade, click OK to restart the system
when prompted. This step is not required if Solidifier was in Disabled mode earlier.
Note: If upgrade is being performed from ePolicy Orchestrator and the system was in Update
mode when upgrade started, the prompt to reboot the system will not appear.
6. Issue the following command to verify that the new version has been installed:
S3> sadmin version
7. If Solidifier was in Update mode before you started upgrade, Solidifier will be in Update
mode. You can now move to Enabled mode by issuing the following command:
S3> sadmin end-update
Or
S3> sadmin eu
Solidifier status will be changed to Enabled.
8. Similarly, if Solidifier was in Disabled mode before you started upgrade, Solidifier will be in
Disabled mode after the upgrade. You can now move to Enabled mode by issuing the
following command:
S3> sadmin enable
The following message is displayed upon completion of the command:
McAfee Solidifier will be enabled on next reboot.
9. Restart the system. Solidifier will be in Enabled mode after the restart.
Upgrade Solidifier (Non-interactive or Silent Upgrade)
To upgrade Solidifier in a non-interactive mode, perform the following steps:
1. Log on to the system with administrative privileges.
2. Check Solidifier status using the following command:
S3> sadmin status
19
Page 23
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
3. If Solidifier is in Enabled mode, change Solidifier to Update mode or Disabled mode using
one of the following commands:
S3> sadmin disable
Or
S3> sadmin begin-update
4. Invoke the command prompt (Start > Programs > Accessories > Command Prompt). The
Command Prompt window displays on the screen.
5. Start silent upgrade using the following command:
> <SSInstaller-file> /s /v" /qn /l+*v \"%SYSTEMROOT%\S3Upgrade.log""
See “Solidifier Installers” for selecting the applicable Solidifier Installer <SSInstaller-file>.
Note: There is a double quote (") after /v, and space between /s and /v.
Note: During silent upgrade, the messages displayed on the screen should be ignored.
6. Issue the following command to verify that the new version has been installed:
S3> sadmin version
7. If Solidifier was in Update mode before you started upgrade, Solidifier will be in Update
mode. You can now move to Enabled mode by issuing the following command:
S3> sadmin end-update
Or
S3> sadmin eu
Solidifier status will be changed to Enabled.
8. Similarly, if Solidifier was in Disabled mode before you started upgrade, Solidifier will be in
Disabled mode after the upgrade. You can now move to Enabled mode by issuing the
following command:
S3> sadmin enable
The following message is displayed upon completion of the command:
McAfee Solidifier will be enabled on next reboot.
9. Restart the system. Solidifier will be in Enabled mode after the restart.
20
Page 24
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Advanced Solidifier Configuration
Cluster Server Support for Solidifiers
This section describes the Microsoft Cluster Server Support added to McAfee® Solidifier. The
Solidifier can work with clusters but is not cluster aware. The configuration on each cluster node
is suppported individually independent of other nodes and the configuration data is not replicated
across the nodes.
This section covers the following topics:
• “Cluster Server setup requirements”
• “Cluster Server setup configuration”
• “Solidifier integration with clustering”
Cluster Server setup requirements
It is essential to understand the cluster server setup requirements for the Solidifier to work in a
clustering environment:
• Two servers (also referred as Node 1 and Node 2) running Microsoft Windows Server 2003
Enterprise Edition are required. Both these nodes are collectively known as cluster members.
• The cluster members must be members of the same Active Directory Domain.
• An Active Directory domain user who will be cluster application user on both the nodes.
• The cluster members must be configured to use a shared SCSI disk which will be configured
as the quorum disk.
• The cluster members must have the Windows 2003 Resource Kit Tools installed.
Cluster Server setup configuration
The Cluster Server setup can be configured in the following manner:
• Two-Node configuration is required with a primary and secondary node. The Solidifier starts
functioning on primary node as well as secondary node. In case of failover, the secondary
node will become primary node and the process will go on.
• The primary node has a cluster IP address which is assigned while creating the cluster and is
used for communication with the cluster. In case of a failover, the assignment of the cluster
IP automatically switches over to the new primary node so that the external world remains
unaware of the primary Solidifier failover. Both these nodes should use their static IP's to
establish connection with the System Controller so that any log related information is not lost.
• Shared Quorum is used for keeping the shared data of the Solidifier. Only primary node is
allowed to access this shared drive and only in case of a failover, the secondary node is
allowed to access this shared drive.
21
Page 25
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Solidifier integration with clustering
The Solidifiers are installed on the clustering nodes individually and are also added to the System
Controller. The Solidifier’s integration with clustering can be clearly understood through the
following points:
1. Solidification and Change monitoring are tied only to a node and are specific to the software
and hardware installed on that particular machine. In a cluster, different nodes can have
different applications installed on it. MSCS does not guarantee that all nodes would be an
exact replica of each other. Therefore, the update window opened on one node would have no
meaning on other. Likewise, there could be a scenario when an application is installed on
only one node and not on the other. It could be a “cluster unaware” application.
Thus, all configuration changes are made separately on all the cluster nodes. No failover
support for the Solidifier service is provided and it re-starts on its own on failure.
2. Solidifier does not need to be a fault tolerant itself for supporting cluster. Solidifier needs to
be installed on different nodes and be up and running on both the nodes. Only if Solidifier is
running on both the machines, only then it would be able to track the other groups.
3. System Controller needs to be connected to both the nodes in a cluster. If a failure occurs on
one node and handover of the resource group takes place, then the reason for the failure can
only be found out if the System Controller is connected to both the machines. If the System
Controller is not connected to both the machines, then the events will be lost on the non
connected machine after a while as there is a limit to cache size of events. Quorum disk is
accessible only from one node at a time. As the System Controller is connected to all the
nodes in a cluster, which ever node is currently accessing quorum disk will give the change
events for quorum disk. All monitoring rules are added separately on different nodes.
4. All configuration settings are done through Shared Quorum. In a typical cluster environment,
no executable exists on the shared quorum disk other than the data. The solidification of
quorum disk is not supported.
22
Page 26
McAfee, Inc.
McAfee® Solidifier for Windows Installation Guide
Appendix: Troubleshooting
This section provides Installation related trouble-shooting tips based on the errors seen and
reported.
FATAL ERROR DURING INSTALLATION Error message appears on the screen
Symptom
This error may appear when you try to uninstall Solidifier running in Enabled mode
from Add/Remove Programs.
Solution
Disable the Solidifier before uninstalling it.
SYSTEM RESTART message gets displayed in logs while upgrading Solidifier running in
Disabled mode
Symptom
The following message is seen in the S3Setup.log and Event Viewer:
“The Windows Installer initiated a system restart
to complete or continue the configuration of
'McAfee Solidifier'”
However, the system does not get restarted.
Solution
You can ignore this log message.
Following message is displayed on installing the Solidifier through a non Administrative user
account
Symptom
The following message is seen when you try to install the Solidifier through a non
Administrative user account:
"Unable to save file
C:\windows\Downloaded Installations\{D4BAC82D-A01B-
47AC-AFC9-581EEBDD0F45}".
Solution
You should install the Solidifier using the Administrative privileges only.
23