Trusted Ownership
Overview
Trusted Ownership checking is performed on files and folders to ensure that ownership of the items matches your approved list of trusted owners.
If a match is made between the file you want to run and is an allowed item, an additional security check ensures that the file ownership is also matched with the trusted owners list. If a genuine file has been tampered with or a file that is a security threat has been renamed to resemble an allowed file, trusted ownership checking identifies the irregularity and prevents the file execution.
Although Application Control is able to stop any executable script based malware as soon as it is introduced to a system, Application Control is not intended to be a replacement for existing malware removal tools, but should act as a complementary technology sitting alongside them. For example, although Application Control is able to stop the execution of a virus, it is not able to clean if off the disk.
Trusted Ownership Rule
Trusted Ownership does not need to take into account the logged-on user. It does not matter whether the logged-on user is a Trusted Owner, administrator, or not. Trusted Ownership revolves around which user (or group) owns a file on the disk. This is typically the user who created the file.
Network folders/shares are denied by default. So, if the file resides on a network folder, the file or folder must be added to the rule as an allowed item. Otherwise, even if the file passes Trusted Ownership checking, the rule will not allow access.
Application Control trusts the following by default:
- SYSTEM
- BUILTIN/Administrators
- %ComputerName%\Administrator
- NT Service\TrustedInstaller
You can extend the list above to include other users or groups.
Do you want more information? Read all about it in the Ivanti Security Controls Help.
Try it yourself
Add a Trusted Owner
- In the Application Control Configuration Editor > Configuration Settings > Executable Control > Trusted Owners tab right-click in the work area and select Add.
The Add trusted Owners dialog displays. - Enter or browse to select the user name to add.
- Click Add.
The user is now added to the list together with the unique SID. - Save and deploy the configuration.
Test it
A quick test to show Trusted Ownership working:
- Introduce one or more applications using a test user account.
- Copy one or more applications to the user’s home drive or another suitable location, such as calc.exe from the System32 folder or copy a file from a CD.
- Attempt to run a copied file. The application is denied because the files are owned by the test user and not a member of the Trusted Owners list.
You can verify the ownership of a file by viewing the Properties using Windows Explorer.