What are the behaviours of Application Allowlisting
Last updated: November 17, 2022
For installer packages that contain multiple executable files, it is recommended to put the package into a common folder and set the folder to be Trusted Application.
For the main installer file to be executed directly, set it as Trusted Installer (Eg: setup.exe) and run.
The prompting depends on the Application Allowlisting settings, by default, it is Trust by Digital Signature if the file is not in the allowlist, but the digital signature has to be listed under the Trusted Certificate list.
Therefore, if a new application has a digital signature that is not found in the list, you will be prompted for further actions.
If an untrusted executable file is being run and launched by Windows Explorer, Application Allowlisting will notify for further actions as below:
You will be given the option to Remember my answer for this entire process if you do not want to be prompted again.
However, this option will allow everything that Windows Explorer runs to be trusted automatically.
In doing so, malware run by Windows Explorer will be trusted thus causing it to enter the system. Note that for the executable file that is not accessible by Windows Explorer, you may not be able to see and manually set the trust level of the files.
Hence, Application Allowlisting on-the-fly trust will allow you to set the appropriate actions for these files when it is being run.
Nevertheless, you are given the options to Unblock and set the file as a trusted installer if you are sure that the installer file can be trusted and do not want to be further prompted by Application Allowlisting.
To set the file as a trusted installer on-the-fly
Right-click on the installer file name and select Unblock and set file as a trusted installer.
Hovering the mouse in the file name will briefly show the location of the file.
Clicking on it will open a Windows Explorer window of where the file is located.
Left click on the triple dot and select Open process location to look for the process location.
Open the file location.
For Trusted Application which creates new executable files while running, Application Allowlisting will notify for further actions as below:
If you do not wish to get any further prompts and you would like anything that is created by the trusted application not to be trusted, click on Always don't trust. This will place the application into the list of Restricted Application. You can undo this action by removing the application from the list of Restricted Applications in the settings.
Click on View More to view more details of the executable.
Click on Trust only to allow the current freshly created executable file to be elevated to a Trusted Application so that it can be processed. However, the main trusted application will remain the same instead of upgrading into a trusted installer. Therefore, you will still get prompts again if it creates any other new executable files.
For trusted installers, it will not prompt you for any further actions to elevate the newly created executable files as it will all be automatically set as trusted applications. Therefore, trusted installers can run smoothly as per usual without any unneeded prompting.
To set the trust levels for your applications manually
Right-click on the executable file, point to Trust Level. In the menu displayed, the tick will indicate the trust level of the executable file. Select the desired trust level for the executable file.
Right-click on the executable file again, point to Trust Level. In the menu displayed, the tick will indicate the new trust level of the executable file.
Alternatively, you can also set trust levels for the files within a folder. Right-click on the executable file, point to Trust Level. In the menu displayed, select the desired trust level.
Right-click on the folder again, point to Manage Allowlist. A CatchPulse Application Allowlisting window will show the new trust level of the files within the folder.