Environment
- App Control: All Versions
Symptoms
- Custom Execution rule when configured with "File Publisher" criteria using advanced options does not verify associated publisher certificates
- Custom Execution Rule with "File Publisher" criteria does not block a file with tampered certificate
Cause
As per product design, "File Publisher" criteria performs a string match against the publisher information on the file but does not verify if the certificate is valid
Resolution
This is as per product design. Alternatively, "Trusted Publisher" approval mechanism can used to ensure certificate validation takes places at the time of analysis
Related Content