Trusted Change Policies
Ivanti Application Control provides four Trusted Change policies which allow non-whitelisted applications to execute. This reduces the administrative burden of maintaining the network after application control is enforced.
Trusted Updater: Trusted Updater allows an application to run and to add or update files on an endpoint. Files added or updated can also run because they are added to the whitelist. This is the only Trusted Change policy that can add files to an endpoint's whitelist. See Working with Trusted Updater.
Trusted Publisher: Trusted Publisher is a trusted source that digitally signs files and applications through a certificate so that executables are allowed to run on endpoints without each file/application having to be authorized independently. See Working with Trusted Publisher.
Trusted Path: Trusted Path is a file system path configured so that any executable files it contains can be run by all users/endpoints that have been assigned the Trusted Path policy. See Working with Trusted Path.
Local Authorization: Local Authorization is a policy that allows a specified user to authorize an application that is not on a whitelist or permitted by another trust mechanism. See Working with Local Authorization.
Logging Trusted Change Policies
Logging options selected in Easy Auditor and Easy Lockdown policies can determine the logging behavior of trusted change policies.
Trusted Path is the only trusted change policy with its own logging options. However, Trusted Updater and Trusted Publisher events can still be logged by setting the Easy Auditor/Easy Lockdown logging options.
The logging options set on Easy Lockdown and Easy Auditor policies have the following effect on trusted change policies:
| Logging option | Trusted Updater | Trusted Publisher | Trusted Path |
|---|---|---|---|
| Log non-authorized applications | Logs when applications are added to the whitelist by Trusted Updater. | No effect | No effect |
| Log authorized applications | Logs when applications are added to the whitelist by Trusted Updater. Logs when applications whitelisted by Trusted Updater are allowed to run. | Logs when applications are allowed to run by Trusted Publisher policies. | Logs when applications are allowed to run by Trusted Path policies. This overrides the setting in the Trusted Path policy. |
| Include all details on authorized applications | No effect | No effect | Detailed information on applications allowed to run by the Trusted Path policy is logged (every executable file and library loaded will be logged). This overrides the setting in the Trusted Path policy. |
Unassigning Multiple Policies
You can unassign multiple application control policies at the same time, removing the association between them and their assigned endpoints and users. Policies that are no longer assigned to an endpoint remain in the system as unassigned policies, which you can re-assign at a later time.
- Select Manage > Application Control Policies.
- Click either the Managed Policies tab or the Trusted Change tab.
- Select all the policies you want to unassign on that page. You can select any combination of the policy types available on the page. The selected policies are highlighted.
- Click Unassign. The Unassign Policy confirmation dialog is displayed.
- Review the policies to be unassigned. If necessary, click a chevron (>) to expand the display of the endpoints and users that a policy is assigned to.
- Click Yes. The application control policies are unassigned.