App Control: Will Disabling the "Expired Certificates" Setting Revoke Existing Approvals?
App Control Console: All Supported Versions
App Control Agent: All Supported Versions
Will disabling the "Allow approval of software with expired certificates" setting, found under Configuration > System Configuration > Advanced Options, revoke previously issued Approvals for files signed with an expired certificate?
No, if a file was Locally Approved by a Publisher with an expired certificate when this setting was enabled, it will remain Locally Approved when the setting is disabled.
After disabling this setting, new files using expired certificates whose verifiable timestamp is within the certificate validity period will no longer be issued Publisher Approvals.
Making a change to this setting will cause all Publishers to be re-evaluated.
This setting has no effect on bans of Publishers.
If the timestamp is missing, invalid, or is not within the certificate validity period, then the software cannot be Approved by Publisher.