You can approve files by publisher when it is not practical to approve applications using a trusted directory and you want to permit all users to install all software from a particular source.
Applications from approved publishers are permitted to be installed and run on computers in the policies to which the approval applies. The Global State of publisher-approved files is changed (if necessary), but the File State is not changed (see Global File State). Each instance of such files is locally approved, and therefore allowed to run on the computer on which it is present.
Approving by publisher allows you to assure that new files from a trusted source are pre-approved when they arrive on an agent-managed computer. It can reduce the amount of rule traffic sent to agents because it is not necessary to send an individual rule for each file.
There are two ways to approve a publisher:
- Manual Approval
- You can manually approve publishers that you select from the list on the Publishers tab.
- Reputation Approval
- You can enable automatic approval of all publishers that meet a particular trust threshold as reported by Carbon Black File Reputation. Approving a publisher by reputation has the same effect on existing files as approving it manually. As soon as a file with a new publisher is discovered on one of your computers, the publisher is approved if it is known to Carbon Black File Reputation and meets the trust level you selected. Details and considerations for reputation approval of publishers are described in Reputation Approval Rules.