Trend Micro - Securing Your Journey to the Cloud Business
Support
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Creating a rule based on a file's digital signature in Endpoint Application Control (EAC) 2.0

    • Updated:
    • 15 Mar 2020
    • Product/Version:
    • Endpoint Application Control 2.0
    • Platform:
    • Windows All
Summary

EAC can match applications' Digital Signature Certificate Information when creating a rule. Other match methods that can be used are as follows:

Match MethodDescription
Known Application Dynamic SearchMatches are based on the Certified Safe Software List and any application inventories collected from endpoints.
Certified Safe Software ListMatches are based on the Trend Micro Certified Safe Software List, or the whitelist pattern.
File PathsMatches are based on the location of the executable file.
SHA-1 Hash ValuesMatches are based on the application's SHA-1 Hash.

The significance of using "Certificates" among the available match methods is that it does not require the EAC agent to download file hash information of all the files that match the rule from the Application Control Server. Thus, this limits the bandwidth size requirement when applying the rule while optimizing network data transfer between the agent and the server.

Details
Public

To create a rule based on digital signature:

  1. Get the file's Certificate Information.
    You may use SignCheck, a Windows Sysinternals File Utility that can be used to display digital signature details of a file or an application; or you may just open the properties of a file to know its certificate information. To do this, follow these steps:

    1. Browse the file using Windows Explorer.
    2. Right-click on the file and click Properties.

      properties

    3. Go to Digital Signatures tab and click Details.

      details

    4. Click View Certificate.

      view

    5. In the Certificate dialog box, go to the Details tab and select the Issuer or Subject fields to view the the information that will be used to match applications based on Certificates in EAC.

      issuer

  2. Create "Certificates" match rule.

    1. Log on to the EAC Web Management Console.

      login

    2. Go to the Management tab and select Rules.

      management rules

    3. Click +Add Rule and select Allow or Blockto edit the rule.

      add

    4. In the edit rule page, select Certificatesin the "Match using" drop-down menu.

      rulecert

    5. Configure the Issuer and Subject certificate information to match the file's digital certificate obtained in "I. Get the File's Certificate Information"

      subject

    6. Click Saveto finish.

      save

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
1115482
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles