Environment
- Cb Defense PSC Console: November '18 Release and Later
- Cb Defense Sensor: Version 3.3.x.x and Higher
- Apple macOS: 10.10.x and Higher
- Cert Whitelisting is configured based on Certificate Issuer Organization rather than Common Name
Objective
Update Cert Whitelist with Common Name of Certificate Issuer to increase specificity during certificate verification for the 3.3.x.x Sensor for Mac
Resolution
- Determine the Common Name of the Certificate to be Whitelisted
- In the PSC Console, navigate to Enforce > Reputation
- Click Add
- Select Type: Certs
- Enter the Common Name into the "Signed By" field
- Enter CA and Comments as necessary
- Click Save
- Maintain the Certificate Whitelists configured for Organization Name in conjunction with the newly configured Certificate Whitelists for Common Name during the process of upgrading to 3.3.x.x and higher
- Once all Sensors are upgraded to 3.3 or higher, an additional waiting period of approximately 30 days is recommended before removing the Certificate Whitelists based on Organization Name
- After Sensor upgrade and waiting period, the Certificate Whitelists configured for Organization Name should be removed
Additional Notes
- For the codesign command, replace <file_path> with the path to the binary or other file as needed
- An additional waiting period of approximately 30 days after upgrade to Sensor version 3.3 is recommended prior to removing the Organization Name Whitelists
- This waiting period will help prevent False Positives during the file Reputation transition resulting from the Certificate update
Related Content