Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Differences Between Trusted Directory and Trusted Path?

App Control: Differences Between Trusted Directory and Trusted Path?

Environment

  • App Control (Formerly CB Protection) Console: All Supported Versions

Question

What are the differences between Trusted Path and Trusted Directory?

Answer

Trusted Path:

What it does?
  • Allows the execution/promotion of files from a specified path
Pros:
  • Files can be instantaneously executed after added
  • Locally approving files can be more secure/controlled
  • Has little impact on performance
Cons
  • Files must be executed from the specified path (may effect ease of use)
  • Specified path is trusted on all devices
Trusted Directory:

What it does?
  • Globally approves files in a specified path
Pros:
  • Once globally approved, files can be executed from anywhere
  • Automatically analyzes and approves files that will be written by archive files
Cons:
  • Takes time to process approval and send out to agents
  • Can be less secure/controlled (execute from anywhere)
  • When overused, can cause performance issues

Additional Notes

  • How effective and secure a rule is depends on how it's going to be utilized in the environment. Before implementing any rule it's best to review with a dedicated security team and consider all attack vectors.
  • More information on Trusted Paths and Directories can be found on page 262 and 425 of the User Guide.




 

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
50% helpful (1/2)
Article Information
Author:
Creation Date:
‎09-28-2018
Views:
1589