For installer packages that contains multiple executable files, it is recommended to put the package into a common folder and set the folder to be Trusted Application. For the main installer file to be executed directly, set it as Trusted Installer (Eg: setup.exe) and run.
The prompting depends on the Application Whitelisting settings, by default, it is trust by digital signature if file is not in the whitelist but the digital signature has to be listed under the Trusted Certificate list. Therefore, if a new application has a digital signature that is not found in the list, you will get prompted for further actions.
If an untrusted executable file is being run and launched by Windows Explorer, Application Whitelisting will notify for further actions as below:
You will be given the option to Remember my answer for this entire process if you do not want to be prompted again. However, allowing this option will allow everything that Windows Explorer run to be trusted automatically. By doing so, malware run by Windows Explorer will be trusted thus causing it to enter the system.
Note that for executable file that is not accessible by Windows Explorer, you may not be able to see and manually set the trust level of the files. Hence, Application Whitelisting on-the-fly trust will allow you to set the appropriate actions for these files when it is being run.
Nevertheless, you are given the options to Unblock and set file as a trusted installer if you are sure that the installer file can be trusted and do not want to be further prompted by Application Whitelisting. Follow the steps below to set file as a trusted installer on-the-fly.
- Right click on the installer file name and select Unblock and set file as a trusted installer.
Note that clicking on the file name will bring you to the file location.
For trusted applications which creates new executable files while running, Application Whitelisting will notify for further actions as below:
- If you do not wish to get any further prompts and you would like anything that is created by the trusted application to not be trusted, click on This process is not an installer. Set it as a restricted application. This will place the application into the list of Restricted Application. You can undo this action by removing the application from the list of Restricted Application in the settings.
- Click on More options to view more details of the executable.
- Click on Trust this newly created file only to allow the current newly created executable file to be elevated to trusted application so that it can be processed. However, the main trusted application will remain the same instead of elevating into a trusted installer. Therefore, you will still get prompts again if it creates any other new executable files.
For trusted installers, it will not prompt you for any further actions to elevate the newly created executable files as it will all be automatically set as trusted applications. Therefore, trusted installers can run smoothly as per normal without any unneeded prompting.
Follow these instructions to manually set the trust levels for your applications
- Right click on the executable file, point to Trust Level. In the menu displayed, the tick will indicate the trust level the executable file. Select the desired trust level for the executable file.
- Right click on the executable file again, point to Trust Level. In the menu displayed, the tick will indicate the new trust level the executable file.
- Alternatively, you can also set trust levels for the files within a folder. Right click on the executable file, point to Trust Level. In the menu displayed, select the desired trust level.
- Right click on the folder again, point to Manage Whitelist. A SecureAge Application Whitelisting window will show the new trust level of the files within the folder.
This post is also available in: Japanese