Application Whitelisting tags a trust level to all applications and executable so that untrusted or not whitelisted application will not be able to run on your computer. This is to minimize the chances of unauthorized malware from damaging user’s system.

Definition of Trust Levels

In Application Whitelisting, there are three levels of trust for applications and are summarized in the table below:

Trust Level Explanation
Not Trusted (0) The application is not allowed to be executed at all.
Any files that are created by this application will not be trusted as well.
Trusted Application (1) The application is allowed to be executed, but all the files that are created by a Trusted Application will be Not Trusted.
Trusted Installer (2) A Trusted Installer is allowed to be executed, and all files that are created or renamed by a Trusted Installer will be automatically set as Trusted Application.

  • For example, Installer, uninstaller, and updater applications usually fall into this category.

There is a special exception for the update process.

  • When a Trusted Installer found that the file has already existed, and the trust level has been set as Trusted Installer, Trusted Installer will not downgrade the file as a Trusted Application but instead, it will keep the trust level as it is.

Trusted Installer can only be run by a trusted user account. If Non-trusted user runs a trusted installer, it will be downgraded as trusted application on the run-time.  Non-trusted users are not allowed to bring in any new application to the system.

In the newer version of SecureAPlus, non-trusted user account is allowed to run Trusted Installer as it is, but only the trusted account can set the file as a trusted installer.

Unlike trusted account users, for non-trusted account users, an application will never be promoted to a trusted installer, even though if the digital signature Is trusted.

More on Trusted Groups and Trusted Users

This post is also available in: Japanese