Security Controls Evaluation Guide

Home 

Trusted Ownership

Overview

Trusted Ownership checking is performed on files and folders to ensure that ownership of the items matches your approved list of trusted owners.

Although Application Control is able to stop any executable script based malware as soon as it is introduced to a system, Application Control is not intended to be a replacement for existing malware removal tools, but should act as a complementary technology sitting alongside them. For example, although Application Control is able to stop the execution of a virus, it is not able to clean if off the disk.

Trusted Ownership Rule

Trusted Ownership does not need to take into account the logged-on user. It does not matter whether the logged-on user is a Trusted Owner, administrator, or not. Trusted Ownership revolves around which user (or group) owns a file on the disk. This is typically the user who created the file.

Network folders/shares are denied by default. So, if the file resides on a network folder, the file or folder must be added to the rule as an allowed item. Otherwise, even if the file passes Trusted Ownership checking, the rule will not allow access.

Application Control trusts the following by default: -

SYSTEM

BUILTIN/Administrators

%ComputerName%\Administrator

NT Service\TrustedInstaller

You can extend the list above to include other users or groups.

Do you want more information? Read all about it in the Ivanti Security Controls Help.

Try it yourself

Add a Trusted Owner

1.In the Application Control Configuration Editor > Configuration Settings > Executable Control > Trusted Owners tab right-click in the work area and select Add.

The Add trusted Owners dialog displays.

2.Enter or browse to select the user name to add.

3.Click Add. The user is now added to the list together with the unique SID.

4.Save and deploy the configuration.

Test it

A quick test to show Trusted Ownership working:

1.Introduce one or more applications using a test user account.

2.Copy one or more applications to the user’s home drive or another suitable location, such as calc.exe from the System32 folder or copy a file from a CD.

3.Attempt to run a copied file. The application is denied because the files are owned by the test user and not a member of the Trusted Owners list.

You can verify the ownership of a file by viewing the Properties using Windows Explorer.

Your next step

Security Levels

Allowed Items

Denied Items

Why use Executable Control?


Was this article useful?