Trusted Groups and Trusted Users
For Application Whitelisting, SecureAPlus makes use of Trusted Groups and Users who will have the rights to: –
add new whitelist
modify the trust level of each program file
run any installation software that is trusted as an installer
modify SecureAPlus settings.
By default, Administrators is the default trusted group who are allowed to do anything on Windows. Likewise for SecureAPlus which will work on every Windows machine. For enterprise user with several administrators, you can add specific administrators to the Trusted Users and remove Administrators from the Trusted Groups. This is to only give rights to specific administrators instead of all the administrators.
One user can belong to a certain group or it can belong to multiple groups.
For Windows to boot up and run all the operating system files, it will log on as the System account in the background. Likewise, for Local Service and Network Service accounts, Windows have to use these accounts to perform some operating system tasks such as Windows Update. Therefore, all these 3 accounts have to be found in the Trusted Users list so as to allow Windows to add new whitelist and perform their tasks as per normal without being blocked by Application Whitelisting.
Note: When non-trusted user account tries to execute a Trusted Installer application, the trust level will be automatically downgraded to Trusted Application during run-time (not permanent).
In addition, for non-trusted users, their SecureAPlus is always in Lockdown mode and they do not have permission to change the application whitelisting modes.