You can require that the digital signature for a certificate is countersigned for Carbon Black App Control to approve a signed file by publisher. This option can provide greater security against manipulation of time stamps on a signature.

By default, no countersignature is required. If you select this option, certificates that are not countersigned are not considered valid for use in approval by publisher.

Note the following additional details of countersignature handling:

• If the option is not selected, signatures lacking a countersigner are only valid for the life of the signing certificate.
• Regardless of this setting, if a countersignature is present, it must be valid for the digital signature to be considered valid.