During initial installation, Application Whitelisting will do a whitelisting on your system to whitelist your files and create a whitelist database file. It will use this whitelist file to check if the files are trusted.
The Application Whitelisting feature will immediately kick in right after installation. Therefore, during the initial whitelist creation, Application Whitelisting will start prompting when a new file or application is being executed.
By default, if the file is not in the whitelist, it will be trusted using its digital signature instead-but provided if it is found in the Trusted Certificate list.
To manage the Application Whitelisting Mode, follow the steps below:
- Launch SecureAPlus > App Settings
- In the App Settings menu, click on Application Whitelisting > Basic Setting
Trust based on Digital Signature (default) – It is turned on to trust files as a trusted installer based on their digital signature even though these files are not in the Application Whitelisting.
|Allow application with a valid digital signature to be trusted as an installer if its certificate is:||Description|
|Trusted by the Operating System||Allow applications to be trusted so long if it is trusted by the OS.|
|Name is in the Trusted Certificate List (default)||Only applications with certificate name listed in the Trusted Certificate list will be trusted.
This setting trusts the vendors of the program that the user has been using. For instance, if the user has been using an Adobe product, e.g. Adobe Reader, when they install Adobe Illustrator, the program will be trusted by hash only.
|Name and Thumbprint in the Trusted Certificate List||Only applications with certificate name and thumbprint listed in the Trusted Certificate list will be trusted.|
Note: To tighten security measures, you may turn off Trust-Based by Digital Signature. Thus the program will be trusted by hash only. If there are new files, for example, Windows Update, by default, it should not prompt you for any new Windows Update files, even if it is trusted by hash only. This is because Windows Updater has been set as a trusted installer.
Do bear in mind, the most convenient, but the least secure configuration is to trust all the certificates, as long as they are trusted by Windows Operating System.
This post is also available in: Japanese