Based on your internal standards and procedures and on the required scope of the approval (network-wide or computer-specific), you can approve files in the following ways:
| Approval Method |
Software Is Approved for |
When to Use |
|---|---|---|
| All computers (global) |
When you have a trusted, secure server (for example, for software deployment) on which to create an authorized approval directory. |
|
| Installation computer only (local) |
When you want to give unlimited installation privileges to a Windows user account or all users in a Windows or AD group. Trusted users can install on any computer on which they log in with their credentials. |
|
| Installation computer only (local), but can be installed on demand by any computer |
Approve all software from a vendor for which Carbon Black App Control can confirm a valid digital certificate. You can also approve or ban certificates that identify a publisher, and this affects file state. See Using Certificates for Enforcement. |
|
| Approving by Publisher Reputation (see Reputation Approval Rules) |
Installation computer only (local), but can be installed on demand on any computer |
Automatically approve all software from all publishers considered trustworthy by Carbon Black File Reputation. |
| Installation computer only (local), but can be installed on demand on any computer |
Permit installation of application updates as they become available for download via specified application update programs. |
|
| Installation computer only (local) |
When you want to locally approve unapproved files found while in Low enforcement or higher when you move the computer from a less secure Enforcement Level to either Medium or High. |
|
| Installation computer only (local) |
Permit users on computers in High Enforcement policies to install software. Local approval occurs when a user installs an unapproved file while in this mode. |
|
| Change all Unapproved Files on a Computer to Locally Approved |
Installation computer only (local) |
Locally approve all existing unapproved files on a specific computer. |
| Installation computer only (local) |
Select specific files on a computer for local approval. You can locally approve files, or remove local approval. |
|
| Approved for all computers or those in selected policies |
To ensure that a known-good application can run on any computer, approve it by hash. |
|
| Approving by File Reputation (see Reputation Approval Rules) |
Approved for all computers or those in selected policies |
Automatically approve (by hash) all software that Carbon Black File Reputation considers trustworthy. |
| Approving by Event Rule (see Event Rules) |
Varies by rule |
Automatically approve a file, either locally or globally, when it is included in a reported event. |
