Carbon Black App Control supports a Custom Rule that creates a trusted path. A trusted path can be useful as a network location in which you place installers, so that computers in some or all policies can execute them.
The local state of any files written by a file in a trusted path depends on the Execute Action command that is used. If the Execute Action is Allow, an installer is allowed to write files but those files are not locally approved by the action. If the Execute Action is Allow and Promote, the installer can write files and those files will be locally approved (unless already banned). In either case, the global state of any files written is unaffected by the trusted path. See Trusted Paths for more details.