Environment
- Cb Defense PSC Console: November '18 Release and Later
- Cb Defense Sensor: Version 3.3.x.x and Higher
- Apple macOS: 10.10.x and Higher
- Certificate Whitelisting is configured
Question
Does the update to certificate Whitelisting for the 3.3 Mac Sensor affect currently configured certificate Whitelists?
Answer
Yes.
- Prior to 3.3, certificate Whitelisting was done at the Organization Name level
- Certificate Whitelisting is now more granular so that the Common Name can be used
- Any currently configured whitelists that apply to multiple entities under the same Organization Name should be reconfigured
- This will increase security efficacy by allowing the sensor to differentiate between Organization certificates and personal or developer level certificates
Additional Notes
- See Cb Defense: How to Identify Whitelisted Certs That Should be Updated for the 3.3 Mac Sensor and Cb Defense: How to Update Certificate Whitelist for 3.3 Sensor on Mac for steps to whitelist certificates by Common Name for the 3.3 Mac Sensor
- Updating these certificate Whitelists to include the issuer Common Name will increase security efficacy by allowing the sensor to differentiate between Organization certificates and personal or developer level certificates
- It is recommended to maintain the current certificate Whitelists configured for Organization Name in conjunction with the newly configured certificate Whitelists for Common Name during the process of upgrading to 3.3.x.x and higher
- Certificate Whitelisting has a global effect, so the previously configured Certificate Whitelists should remain in place until all sensors are upgraded to 3.3.x.x or higher
- An additional waiting period of approximately 30 days after upgrade to Sensor version 3.3 is recommended prior to removing the Organization Name Whitelists
- This waiting period will help prevent False Positives during the file Reputation transition resulting from the Certificate update
- The Certificate Whitelists configured for Organization Name should be removed after upgrade to Sensor version 3.3 and the recommended waiting period has elapsed
Related Content