Managing Application Whitelisting Mode using Digital Signature

During initial installation, Application Whitelisting will do a whitelisting on your system to whitelist your files and create a whitelist database file. It will use this whitelist file to check if the files are trusted.

The Application Whitelisting feature will immediately kick in right after installation. Therefore, during the initial whitelist creation, Application Whitelisting will start prompting when a new file or application is being executed.

By default, if the file is not in the whitelist, it will be trusted using its digital signature instead-but provided if it is found in the Trusted Certificate list.

To manage the application whitelisting mode

Launch SecureAPlus → App Settings → Application Whitelisting → Basic Setting.

Trust based on Digital Signature (default) – It is turned on to trust files as a trusted installer based on their digital signature even though these files are not in the Application Whitelisting.

Allow application with a valid digital signature to be trusted as an installer if its certificate is:	Description
Trusted by the Operating System	Allow applications to be trusted so long if it is trusted by the OS.
Name is in the Trusted Certificate List (default)	Only applications with certificate name listed in the Trusted Certificate list will be trusted. This setting trusts the vendors of the program that the user has been using. For instance, if the user has been using an Adobe product, e.g. Adobe Reader, when they install Adobe Illustrator, the program will be trusted by hash only.
Name and Thumbprint in the Trusted Certificate List	Only applications with certificate name and thumbprint listed in the Trusted Certificate list will be trusted.

Allow application with a valid digital signature to be trusted as an installer if its certificate is:

Description

Trusted by the Operating System

Allow applications to be trusted so long if it is trusted by the OS.

Name is in the Trusted Certificate List (default)

Only applications with certificate name listed in the Trusted Certificate list will be trusted.

This setting trusts the vendors of the program that the user has been using. For instance, if the user has been using an Adobe product, e.g. Adobe Reader, when they install Adobe Illustrator, the program will be trusted by hash only.

Name and Thumbprint in the Trusted Certificate List

Only applications with certificate name and thumbprint listed in the Trusted Certificate list will be trusted.

Note: To tighten security measures, you may turn off Trust-Based by Digital Signature. Thus the program will be trusted by hash only. If there are new files, for example, Windows Update, by default, it should not prompt you for any new Windows Update files, even if it is trusted by hash only. This is because Windows Updater has been set as a trusted installer.

Do bear in mind, the most convenient, but the least secure configuration is to trust all the certificates, as long as they are trusted by Windows Operating System.

Learn more about Automatically Promote trust level

Support and feedback

Should you encounter any issues using SecureAPlus with any of the mentioned or missed requirements above, you can write to us a docs@secureage.com.

This page was last updated: November 07, 2024