Cb Defense: Does the Update to Certificate Whitelisting for the 3.3 Mac Sensor Affect Currently Configured Certificate Whitelists?

Environment

  • Cb Defense PSC Console: November '18 Release and Later
  • Cb Defense Sensor: Version 3.3.x.x and Higher
  • Apple macOS: 10.10.x and Higher
  • Certificate Whitelisting is configured

Question

Does the update to certificate Whitelisting for the 3.3 Mac Sensor affect currently configured certificate Whitelists?


Answer

Yes.
  • Prior to 3.3, certificate Whitelisting was done at the Organization Name level
  • Certificate Whitelisting is now more granular so that the Common Name can be used
  • Any currently configured whitelists that apply to multiple entities under the same Organization Name should be reconfigured
  • This will increase security efficacy by allowing the sensor to differentiate between Organization certificates and personal or developer level certificates
 

Additional Notes

  • See Cb Defense: How to Identify Whitelisted Certs That Should be Updated for the 3.3 Mac Sensor and Cb Defense: How to Update Certificate Whitelist for 3.3 Sensor on Mac for steps to whitelist certificates by Common Name for the 3.3 Mac Sensor
  • Updating these certificate Whitelists to include the issuer Common Name will increase security efficacy by allowing the sensor to differentiate between Organization certificates and personal or developer level certificates
  • It is recommended to maintain the current certificate Whitelists configured for Organization Name in conjunction with the newly configured certificate Whitelists for Common Name during the process of upgrading to 3.3.x.x and higher
  • Certificate Whitelisting has a global effect, so the previously configured Certificate Whitelists should remain in place until all sensors are upgraded to 3.3.x.x or higher
  • An additional waiting period of approximately 30 days after upgrade to Sensor version 3.3 is recommended prior to removing the Organization Name Whitelists
  • This waiting period will help prevent False Positives during the file Reputation transition resulting from the Certificate update
  • The Certificate Whitelists configured for Organization Name should be removed after upgrade to Sensor version 3.3 and the recommended waiting period has elapsed
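
The following Python example is added here and is not Cb Defense code or part of the sensor or console; it shows why an Organization Name whitelist entry that covers several Common Names should be reconfigured. The distinguished-name strings, whitelist entries and function names are constructed for illustration, and the input is assumed to be RFC 4514-style DNs without multi-valued RDNs.

```python
import re
from collections import defaultdict

# Constructed sample: distinguished names taken from signing certificates.
OBSERVED_DNS = [
    "CN=Developer ID Application: Example Corp (AAAAA11111),OU=AAAAA11111,O=Example Corp,C=US",
    "CN=Mac Developer: Jane Doe (BBBBB22222),OU=AAAAA11111,O=Example Corp,C=US",
    "CN=Developer ID Application: Other Vendor\\, Inc. (CCCCC33333),O=Other Vendor\\, Inc.,C=US",
]

# Constructed sample: Organization Name entries currently whitelisted.
ORG_WHITELIST = ["Example Corp", "Other Vendor, Inc."]


def parse_dn(dn):
    """Split a DN into {attribute: value}, honouring backslash-escaped commas."""
    attrs = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.partition("=")
        # Remove the escaping backslash so values compare as plain text.
        attrs[key.strip().upper()] = re.sub(r"\\(.)", r"\1", value.strip())
    return attrs


def org_entries_to_review(dns, org_whitelist):
    """Return {Organization Name: [Common Names]} for every whitelisted
    Organization Name that covers more than one Common Name."""
    covered = defaultdict(set)
    for dn in dns:
        attrs = parse_dn(dn)
        if attrs.get("O") in org_whitelist and "CN" in attrs:
            covered[attrs["O"]].add(attrs["CN"])
    return {org: sorted(cns) for org, cns in covered.items() if len(cns) > 1}


if __name__ == "__main__":
    for org, cns in org_entries_to_review(OBSERVED_DNS, ORG_WHITELIST).items():
        print(f"Organization Name entry '{org}' covers {len(cns)} Common Names:")
        for cn in cns:
            print(f"  {cn}")
```

An Organization Name entry flagged here trusts both the organization-level certificate and the individual developer certificate; whitelisting by Common Name lets each be trusted or excluded separately.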

    Article Information
    Creation Date: 01-09-2019