App Control: Differences Between Trusted Directory and Trusted Path?
Article ID: 284907
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
What are the differences between Trusted Path and Trusted Directory?
Environment
- App Control (Formerly CB Protection) Console: All Supported Versions
Resolution
Trusted Path:
What it does?
What it does?
What it does?
- Allows the execution/promotion of files from a specified path
- Files can be instantaneously executed after added
- Locally approving files can be more secure/controlled
- Has little impact on performance
- Files must be executed from the specified path (may effect ease of use)
- Specified path is trusted on all devices
What it does?
- Globally approves files in a specified path
- Once globally approved, files can be executed from anywhere
- Automatically analyzes and approves files that will be written by archive files
- Takes time to process approval and send out to agents
- Can be less secure/controlled (execute from anywhere)
- When overused, can cause performance issues
Additional Information
- How effective and secure a rule is depends on how it's going to be utilized in the environment. Before implementing any rule it's best to review with a dedicated security team and consider all attack vectors.
- More information on Trusted Paths and Directories can be found on page 262 and 425 of the User Guide.
Feedback
Yes
No
Powered by
