logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: Will Disabling the "Expired Certificates" Setting Revoke Existing Approvals?

App Control: Will Disabling the "Expired Certificates" Setting Revoke Existing Approvals?

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Question

Will disabling the "Allow approval of software with expired certificates" setting, found under Configuration > System Configuration > Advanced Options, revoke previously issued Approvals for files signed with an expired certificate?

Answer

  • No, if a file was Locally Approved by a Publisher with an expired certificate when this setting was enabled, it will remain Locally Approved when the setting is disabled.
  • After disabling this setting, new files using expired certificates whose verifiable timestamp is within the certificate validity period will no longer be issued Publisher Approvals.

Additional Notes

  • Making a change to this setting will cause all Publishers to be re-evaluated.
  • This setting has no effect on bans of Publishers.
  • If the timestamp is missing, invalid, or is not within the certificate validity period, then the software cannot be Approved by Publisher.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎07-03-2023
Views:
222
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.