Trusted Vendor Rule

Trusted Vendors are used for listing valid digital certificates. A digital certificate is an electronic document that uses a digital signature to bind together a public key with an identity. The certificate includes information such as the name of a person or organization, address, and so on. Digital certificates are issued by a certificate authority and used to verify that a public key belongs to an individual. App Control queries each file execution to detect the presence of a digital certificate. If the file has a valid digital certificate and the signer matches an entry in the Trusted Vendor list, the file is allowed to run. This match overrides any trusted ownership checking.

Rule creation workflow:

  1. What rule do you want to create?
  2. What vendor do you want to trust?
  3. When is the rule to be applied?
  4. Summary and Save

Create an Elevate Rule

  1. On the What do you want to do? page, select I want to add a trusted vendor.
  2. Click Next.
    The Choose Trusted Vendor page appears.
  3. Click Add Trusted Vendor.
    The Trusted vendor - Settings panel appears.
  4. Enter the name of the Vendor. Optionally, select whether to use regular expressions.
  5. To restrict the rule to apply only to files in a certain location, enter the Path. If no path is entered, the rule will apply to all files signed by the vendor. Optionally, select whether to use regular expressions.
  6. Optionally enter a Description.
  7. Click Save.
    The vendor appears in the Trusted Vendors list.
  8. Click Next.
    The Trusted Vendor - When is this assigned? page appears.
  9. In Select a source, use the drop-down to select the source of the items. Any selected or added sources are displayed in the Selected Items section. Select from:
    • AD Groups: The AD Display and Group names are listed. You can use the search and filter to refine the list. Alternatively, you can manually add a group by clicking Add manually.
    • AD Users: Enter domain\username and click Add.
    • App Control Users: The username of users that App Control has recorded an event for.
    • Computer Groups: Enter the computer group, for example: CN=ComputerGroup. If you want to include nested groups, select Search nested groups. Click Add.
    • Device Organizational Units: Enter the organizational unit, for example: OU=Corporation. If you want to include sub-OUs, select Include sub-OUs. Click Add.
    • Devices: The Device and Host names of all Windows devices discovered by Neurons are listed. You can use the search and filter to refine the list. Alternatively, you can manually add a device by clicking Add manually.
    • IP Addresses: Enter the IP addresses and select whether you want to match regular expressions against IP addresses. Click Add.
      Example:
      • 192.168.0.1: select the client device with an IP of 192.168.0.1
      • 192.168.0.*: select the client devices with an IP of 192.168.0.<any>
      • 192.168.0.15-25: select all client devices within the IP range of 192.168.0.15 to 192.168.0.25
    • Alternatively, select Everyone to create the rule for the Everyone group. This includes any user that logs on to a device that has the configuration successfully deployed, with the exception of Administrators.
  10. Once you are finished with the Selected Items, click Next.
    The Save Rule and Rule Summary page appears.
  11. Enter a Name for the rule, and provide an optional description.
  12. The default status for the rule is Active. If you do not want to make the rule active yet, toggle the Rule Status to off.
  13. Click Save to save the rule and return to the configuration, where you'll see the new rule listed in the Rules section.
    Alternatively, click Save & Add another to save the rule and return to the What do you want to do? page to create another rule for the configuration.
  14. When you have added all the rules to the configuration, click Save to save the configuration as a draft, or click Save & Publish to save the version of the configuration.
    Once published, the configuration is available for assignment to a policy.
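
The IP Addresses source in step 9 accepts a single address, a wildcard, or a range, and a broad pattern assigns the trusted vendor rule to every device it covers. The following is an added example, not App Control code, that checks which devices a pattern selects before the configuration is published. It assumes the wildcard and range forms may appear in any octet (the page shows them only in the last one), it does not model the regular expression option, and the device inventory is constructed sample data.

```python
import ipaddress


def parse_pattern(pattern):
    """Turn a pattern such as '192.168.0.15-25' into four (low, high) octet ranges."""
    parts = pattern.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    ranges = []
    for part in parts:
        if part == "*":                      # wildcard: any value in this octet
            low, high = 0, 255
        elif "-" in part:                    # inclusive range, e.g. 15-25
            lo_s, hi_s = part.split("-", 1)
            if not (lo_s.isdigit() and hi_s.isdigit()):
                raise ValueError(f"bad range {part!r} in {pattern!r}")
            low, high = int(lo_s), int(hi_s)
        elif part.isdigit():                 # single fixed value
            low = high = int(part)
        else:
            raise ValueError(f"bad octet {part!r} in {pattern!r}")
        if not 0 <= low <= high <= 255:      # rejects 300, and reversed 25-15
            raise ValueError(f"octet out of range or reversed: {part!r}")
        ranges.append((low, high))
    return ranges


def matches(pattern, address):
    """True if the IPv4 address falls inside the pattern."""
    octets = ipaddress.IPv4Address(address).packed
    return all(lo <= o <= hi for o, (lo, hi) in zip(octets, parse_pattern(pattern)))


def coverage(pattern):
    """Number of addresses the pattern selects, i.e. the scope of the rule."""
    total = 1
    for lo, hi in parse_pattern(pattern):
        total *= hi - lo + 1
    return total


# Constructed inventory (hypothetical device names and addresses).
DEVICES = {"ws-01": "192.168.0.1", "ws-20": "192.168.0.20", "srv-09": "192.168.1.20"}


def selected_devices(pattern, devices=DEVICES):
    """Names of the devices whose address the pattern would select."""
    return sorted(name for name, ip in devices.items() if matches(pattern, ip))
```

Comparing coverage() with the number of devices you intended to target is a quick way to spot a pattern that is wider than the rule needs.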