Agent settings: Trusted file lists
Tools > Security and Compliance > Security > Endpoint Security > Trusted file lists
Use this dialog box to manage your trusted file lists. Trusted file lists are comprised of files configured with a specific set of rights (privileges or authorizations) that allow and deny certain actions that can be performed on that file by an application.
This dialog contains the following options:
- Name: Identifies the trusted file list with a unique name. You can use the Find feature to search for items in a list containing a specific word or phrase. The resulting list displays only those items that matched your search criteria.
- Add: Opens a file explorer dialog box where you can browse and select a file you want to configure with file certifications.
- Edit: Lets you edit the selected file's certifications.
- Delete: Deletes the selected file and its certifications.
- Move: Opens a dialog box that lets you select one or more trusted files and either move or copy them to another list.
- Set as default: Assigns this list as the default trusted file list for tasks that use this HIPS (or Firewall) setting.
- ID: Identifies this particular list. This information is stored in the database and can be used to keep track of each list.
Use this dialog box to configure HIPS and/or LANDESK Firewall rights for a specific application file.This dialog box contains the following options:
- File name: Identifies the application file that is being assigned certifications.
- Full path: Specifies the location of the file.
- File size: Specifies the size (in KB) of the file.
- File date: Indicates the creation date and time of the file.
- Version: Indicates the version number of the file, if available.
- Certified: Indicates the date and time the file's certifications were created or last modified.
- MD5 hash: Shows the file's MD5 hash. A hash file is used to ensure the integrity of the file.
- Description: Provides a text box for you to enter a description of the file.
- Bypass all protection: Allows the application file complete privileges. The file is completely unfiltered and unmonitored.
- Bypass buffer overflow protection: Allows you to bypass buffer overflow protection. You will want to use this option for files (processes) that are certified and that you trust.
- System security
- Modify executable files: Allows the application the right to modify other executable files.
- Modify protected files: Allows the application the right to modify protected files. You can generate a list of protected files, such as the LANDESK Management Suite device agents.
- Modify protected registry keys: Allows the application the right to modify protected registry keys. Protected keys prevent malware infections.
- Network security
- Send emails: Allows the application to send email messages. (NOTE: HIPS recognizes standard email client applications and automatically certifies them so that they can send emails.)
- Files on disk
- Add to system startup: Allows the application the right to add files to the system startup.
- Allow execution: Allows the application (process) to run on the device. Certified files automatically have allow execution enabled. Also, if a file's certification provides partial rights, then the allow execution option is automatically enabled.
- Advanced security rules
- Protect application in memory: Enforces protection for the application as it is running in memory. The application is protected from termination or modification.
- Inherit to child processes: Assigns the same file certifications (rights) to any subordinate processes executed by this application. For example, you can use this with a setup or installation executable to pass the same rights to subsequent processes launched by the setup program.
- Authorized installer: Indicates that the application is allowed to perform software installation or deployment. This is the case for the LANDESK Management Suite software distribution tool, and can be applied to other software distribution applications as well.
- Learning options
- Lock trusted file (file rights will not be updated via learn mode):
- Match this entry based only on file name:
Unfortunately the help file is not up to date. This option was removed a long time ago (at least 9.5 probably 9.0) because the core doesn't provide the fully qualified file name in the Trusted File List and it would be too dangerous to certify a file based on its file name, without a full path.
- OK: Saves the file certifications and adds it to the list of certified files in the main HIPS settings dialog box.
- Cancel: Closes the dialog box without saving the file certifications.