Signature Items

Signature rules enable you to use the SHA256 hash of a file to identify what files to allow, deny, or elevate. This gives customers in locked-down and heavily regulated environments additional options to meet those requirements. For more information about rules and their types, refer to Configuring Rules.

Signature items rule is available for allow/deny, manage user privilege, and self-elevate rule types. This topic uses the manage user privilege options as an example, but the workflow is similar for the other options.

This topic walks you through the following:

Adding Signature Items

To add a signature item rule, follow these steps:

  1. On the Rule page, select I want to manage user privileges.
  2. Click Next.
    The What type page appears.
  3. Select Signature Item, and click Next.
    The What page appears.
  4. From the Select a source option, select Event Files.
    This displays the list of files, along with their hashes and file versions, under the Source Items section.
  5. Select the required files under the Source Items section.
    The selected files are listed under the Selected Items section. Alternatively, click > Edit to manage file settings.
  6. To assign the signature items to user or device groups, click Next.
    For more information about assigning user or device groups, refer to Manage User Privilege Rule.

Adding Hash Manually

To add hash to a file manually, follow these steps:

  1. On the Rule page, select I want to manage user privileges.
  2. Click Next.
    The What Type page appears.
  3. Select Signature Item, and click Next.
  4. On the What page, click Add hash manually.
    The Rule Item - Settings pane appears.
  5. Enter the details of the file, elevate, restrict, and apply policy to the file.
    • Display Name: Enter the name for the file. If the display name is not set, the file name is displayed by default.
    • File: Specifies the name of the file along with its extension.
    • File Version: Enter the version number of the file.
    • Arguments: Enter optional command line arguments for the file.
    • Description: Enter any additional information about the file.
    • Signature Item Hash: Enter the signature SHA256 hash number of the file. You can generate the hash number using a PowerShell CLI or similar tools.
    • Policy: Select a policy to be applied to the file.
      You can select the following options for the policy:

      • Apply to child processes

      • Apply to common dialogs

      • Install as a trusted owner

      • Prompt the user before elevating

      • Requires a reason before elevating (This option is available only when the Prompt the user before elevating is selected.)

    • Policy Type: Select Elevate to grant the privileges to complete a specific action that would otherwise need to be performed by an Administrator. Or, click Restrict to deny permissions.

  6. Click Save to add a hash to a file manually.