Reputation approvals allow high-trust software to run on agent-managed computers with little administrative effort. How you implement reputation approvals depends on your goals, especially the balance between convenience and protection.
Although you can enable them separately, you get the maximum benefit of reputation approvals by enabling both file and publisher reputation approvals:
- File reputation approvals – Not all files are signed by a publisher. By using file reputation approvals, you can take advantage of the reputation data for specific files known to Carbon Black File Reputation, regardless of whether a file has a known publisher.
- Publisher reputation approvals – By using publisher reputation approvals, you ensure that all files signed by trusted publishers, including new files that might not have their own reputation yet, are approved and can run on agent-managed computers. Files from approved publishers are approved locally on connected agent-managed computers.
You can enable reputation approvals for all computers or only for computers in specific policies. There is no performance benefit or penalty for limiting reputation approvals to certain policies, so you should enable reputation approvals for all policies except those in which you want complete control over which specific files can be executed.
Note: When Carbon Black File Reputation is activated, Publisher Trust values are shown on the Publishers tab. This tells you what to expect when you enable Approvals for publishers. If the Trust value for a Publisher is High, then all files from that publisher are approved when reputation approvals for publishers are enabled.