EAC can match applications' Digital Signature Certificate Information when creating a rule. Other match methods that can be used are as follows:
Match Method | Description |
---|---|
Known Application Dynamic Search | Matches are based on the Certified Safe Software List and any application inventories collected from endpoints. |
Certified Safe Software List | Matches are based on the Trend Micro Certified Safe Software List, or the whitelist pattern. |
File Paths | Matches are based on the location of the executable file. |
SHA-1 Hash Values | Matches are based on the application's SHA-1 Hash. |
The significance of using "Certificates" among the available match methods is that it does not require the EAC agent to download file hash information of all the files that match the rule from the Application Control Server. Thus, this limits the bandwidth size requirement when applying the rule while optimizing network data transfer between the agent and the server.
To create a rule based on digital signature:
-
Get the file's Certificate Information.
You may use SignCheck, a Windows Sysinternals File Utility that can be used to display digital signature details of a file or an application; or you may just open the properties of a file to know its certificate information. To do this, follow these steps:- Browse the file using Windows Explorer.
- Right-click on the file and click Properties.
- Go to Digital Signatures tab and click Details.
- Click View Certificate.
- In the Certificate dialog box, go to the Details tab and select the Issuer or Subject fields to view the the information that will be used to match applications based on Certificates in EAC.
-
Create "Certificates" match rule.
- Log on to the EAC Web Management Console.
- Go to the Management tab and select Rules.
- Click +Add Rule and select Allow or Blockto edit the rule.
- In the edit rule page, select Certificatesin the "Match using" drop-down menu.
- Configure the Issuer and Subject certificate information to match the file's digital certificate obtained in "I. Get the File's Certificate Information"
- Click Saveto finish.