logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: Custom Execution Rule with "File Publisher" criteria does not block a file with tampered certificate

App Control: Custom Execution Rule with "File Publisher" criteria does not block a file with tampered certificate

Environment

  • App Control: All Versions

Symptoms

  • Custom Execution rule when configured with "File Publisher" criteria using advanced options does not verify associated publisher certificates
  • Custom Execution Rule with "File Publisher" criteria does not block a file with tampered certificate 

Cause

As per product design, "File Publisher" criteria performs a string match against the publisher information on the file but does not verify if the certificate is valid

Resolution

This is as per product design. Alternatively, "Trusted Publisher" approval mechanism can used to ensure certificate validation takes places at the time of analysis

Related Content


Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎03-29-2022
Views:
251
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.