Environment
- App Control Console: All Supported Versions
- App Control Agent: All Supported Versions
Question
Will disabling the "Allow approval of software with expired certificates" setting, found under Configuration > System Configuration > Advanced Options, revoke previously issued Approvals for files signed with an expired certificate?
Answer
- No, if a file was Locally Approved by a Publisher with an expired certificate when this setting was enabled, it will remain Locally Approved when the setting is disabled.
- After disabling this setting, new files using expired certificates whose verifiable timestamp is within the certificate validity period will no longer be issued Publisher Approvals.
Additional Notes
- Making a change to this setting will cause all Publishers to be re-evaluated.
- This setting has no effect on bans of Publishers.
- If the timestamp is missing, invalid, or is not within the certificate validity period, then the software cannot be Approved by Publisher.
Related Content