Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: Does the Update to Certificate Whitelisting for the 3.3 Mac Sensor Affect Currently Configured Certificate Whitelists?

Cb Defense: Does the Update to Certificate Whitelisting for the 3.3 Mac Sensor Affect Currently Configured Certificate Whitelists?

Environment

  • Cb Defense PSC Console: November '18 Release and Later
  • Cb Defense Sensor: Version 3.3.x.x and Higher
  • Apple macOS: 10.10.x and Higher
  • Certificate Whitelisting is configured

Question

Does the update to certificate Whitelisting for the 3.3 Mac Sensor affect currently configured certificate Whitelists?


Answer

Yes.
  • Prior to 3.3, certificate Whitelisting was done at the Organization Name level
  • Certificate Whitelisting is now more granular so that the Common Name can be used
  • Any currently configured whitelists that apply to multiple entities under the same Organization Name should be reconfigured
  • This will increase security efficacy by allowing the sensor to differentiate between Organization certificates and personal or developer level certificates
 

    Additional Notes

    • See Cb Defense: How to Identify Whitelisted Certs That Should be Updated for the 3.3 Mac Sensor  and Cb Defense: How to Update Certificate Whitelist for 3.3 Sensor on Mac for steps to whitelist certificates by Common Name for the 3.3 Mac Sensor
    • Updating these certificate Whitelists to include the issuer Common Name will increase security efficacy by allowing the sensor to differentiate between Organization certificates and personal or developer level certificates
    • It is recommended to maintain the current certificate Whitelists configured for Organization Name in conjunction with the newly configured certificate Whitelists for Common Name during the process of upgrading to 3.3.x.x and higher
    • Certificate Whitelisting has a global effect, so the previously configured Certificate Whitelists should remain in place until all sensors are upgraded to 3.3.x.x or higher
    • An additional waiting period of approximately 30 days after upgrade to Sensor version 3.3 is recommended prior to removing the Organization Name Whitelists
    • This waiting period will help prevent False Positives during the file Reputation transition resulting from the Certificate update
    • The Certificate Whitelists configured for Organization Name should be removed after upgrade to Sensor version 3.3 and the recommended waiting period has elapsed

    Related Content


    Was this article helpful? Yes No
    100% helpful (1/1)
    Article Information
    Author:
    Creation Date:
    ‎01-09-2019
    Views:
    265
    Contributors