The properties and values included in a trust rule define which software changes are auto-authorized by that rule. The following sections detail the trust rule property types you can use to configure trust rules, including steps to help you find the information required to configure the property values.

Process Name

This property specifies the name of the process creating software changes. The process name must use the absolute path of the process, including its file name.
To find a process name of a software change:
  1. Go to Workload Security's Actions tab.
  2. Find and select the software change.
The process name is displayed on the right under Changed By Process along with other details.
Deep Security Agent uses wildcards for process names. Where a process name includes the full path to the process, a globstar (**) in a path matches any number of additional characters within the process name, a single asterisk (*) matches any number of additional characters within the current directory only, and a question mark (?) matches a single character. The * character stops its search at directory path delimiters (/ and \). The ? character does not match directory path delimiters. Drive letters are treated like any other characters in the target path and hold no special significance for matching.
When used in an Ignore from source rule, the process name property is only supported for Deep Security Agent 20.0.0-3165 or later.

Paths

This property specifies the target paths applied to a trust rule. Application Control auto-authorizes software changes if they occur within a path entered for this property, including all subdirectories. You can set multiple paths separated by a semicolon. For example, C:\Windows\;C:\Program Files\.
When entering values for paths, consider how the last slash (\ or /) in a path affects which directories are included:
  • A path ending with a slash will match all sub-directories under that full path. For example, C:\Windows\System\ would match any sub-directories in the System directory.
  • A value specified after the last slash is treated as a regular expression wild card, and will match the specific directory as well as any other directories that start with the same value. For example, C:\Windows\System would include all directories and sub-directories that match "C:\Windows\System*" including C:\Windows\System\, C:\Windows\System32\, C:\Windows\SystemApps\, and so on.
Deep Security Agent version 20.0.0-5137 and later supports the globstar (**) wildcard on paths. A globstar (**) in a path matches any number of additional characters within the current directory and its subdirectories, a single asterisk (*) matches any number of additional characters within the current directory only, and a question mark (?) matches a single character. The * character stops its search at directory path delimiters (/ and \). The ? character does not match directory path delimiters. Drive letters are treated like any other characters in the target path and hold no special significance for matching.
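
To review how broad a Paths value is before deploying it, the following added example (not Trend Micro's code and not the agent's own matcher) models the rules described in this section. The function names ConvertTo-TrustPathRegex and Test-TrustPath and the sample paths are hypothetical, and case-insensitive comparison is an assumption.

```powershell
# Model of the Paths matching rules described above (not the agent's own matcher).
function ConvertTo-TrustPathRegex {
    param([Parameter(Mandatory)][string]$Entry)
    $sb = [System.Text.StringBuilder]::new('^')
    for ($i = 0; $i -lt $Entry.Length; $i++) {
        $c = $Entry[$i]
        if (($c -eq '*') -and (($i + 1) -lt $Entry.Length) -and ($Entry[$i + 1] -eq '*')) {
            [void]$sb.Append('.*')        # ** crosses directory delimiters
            $i++
        } elseif ($c -eq '*') {
            [void]$sb.Append('[^\\/]*')   # * stops at / and \
        } elseif ($c -eq '?') {
            [void]$sb.Append('[^\\/]')    # ? is one character, never a delimiter
        } else {
            [void]$sb.Append([regex]::Escape([string]$c))
        }
    }
    # No trailing anchor: anything after the entry is covered, which is why an
    # entry without a final slash also covers directories with the same prefix.
    $sb.ToString()
}

function Test-TrustPath {
    param(
        [Parameter(Mandatory)][string]$PathsValue,   # semicolon-separated, as in the rule
        [Parameter(Mandatory)][string]$Candidate
    )
    foreach ($entry in ($PathsValue -split ';' | Where-Object { $_ })) {
        # Assumption: case-insensitive comparison (-match), as for Windows paths.
        if ($Candidate -match (ConvertTo-TrustPathRegex -Entry $entry)) { return $true }
    }
    return $false
}

# Constructed sample paths, checked against four candidate Paths values.
$candidates = 'C:\Windows\System\a.dll', 'C:\Windows\System32\drivers\b.sys',
              'C:\Windows\SystemApps\c.exe', 'C:\Tools\v1\bin\d.exe', 'C:\Tools\v1\e.exe'
foreach ($value in 'C:\Windows\System', 'C:\Windows\System\', 'C:\Tools\*\bin\', 'C:\Tools\**\') {
    foreach ($p in $candidates) {
        [pscustomobject]@{
            Paths     = $value
            Candidate = $p
            Covered   = Test-TrustPath -PathsValue $value -Candidate $p
        }
    }
}
```

In this model, C:\Windows\System covers the System32 and SystemApps samples while C:\Windows\System\ covers only the System sample, which is the difference the last slash makes.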

SHA-256

When used in an Allow from source rule, this specifies the checksum (SHA-256) of the source process creating a software change. When used in an Allow by target or Block by target rule, it is the checksum (SHA-256) of the software change itself.
To find the SHA256, do one of the following:
  • From Windows PowerShell (for source or target): Follow instructions in the Windows PowerShell command Get-FileHash.
  • From Workload Security (for target only): From Workload Security's Actions tab, find and select the software change. The SHA256 will be displayed on the right under "SHA256" along with other details.

Vendor

This property, which is currently only supported on Windows, specifies the software vendor.
To find the vendor, do one of the following:
  • From File Explorer:
    1. From the directory containing the process or file, right-click on one of the properties displayed at the top of File Explorer (Name, Date modified, etc.) and select More.
    2. Select Company and click OK.
      The vendor is displayed in the File Explorer window.
  • From Workload Security:
    • From Workload Security's Actions tab, find and select the software change.
      The vendor will be displayed on the right under "Vendor" along with other details.

Product name

This property, which is currently only supported on Windows, specifies the software product name.
To find the product name, do one of the following:
  • From file properties:
    1. From the directory containing the file, right-click the process or file and select Properties.
    2. From the Details tab, look at the value for "Product Name."
  • From File Explorer:
    1. From the directory containing the file, right-click on one of the properties displayed at the top of File Explorer (Name, Date modified, and so on) and click More.
    2. Select Product name and click OK.
      The product name will be displayed in the Product name column.
  • From Workload Security:
    • From Workload Security's Actions tab, find and select the software change.
      The product name will be displayed on the right under Product Name along with other details.

Signer Name

When used in an Allow from source rule, this specifies the signer name of the source process creating a software change. When used in an Allow by target or Block by target rule, it is the signer name in the certificate that signed the target file.
This property, which is currently only supported on Windows, specifies the name of the company that signed the software certificate.
To find the certificate signer name:
  1. Right-click the process or file and select Properties.
  2. On the Digital Signatures tab, find the name of the signer in the Signature list table.
The signer name will be displayed under Signer Name.
To eliminate the maximum amount of software change events or security events, use the signer name rule property to match all events from a specific signer.

Issuer Common Name

This property, which is currently only supported on Windows, specifies the issuer common name (CN) of the signing software certificate.
To find the issuer common name:
  1. Right-click the process or file, and then select Properties.
  2. From the Digital Signatures tab, select the first certificate you see on the signature list.
  3. Select the certificate and click Details.
  4. Select View Certificate.
  5. Go to the Details tab and select Issuer.
If included in the certificate, the issuer CN will be displayed under Issuer.

Issuer Organizational Unit

This property, which is currently only supported on Windows, specifies the issuer organizational unit (OU) of the software certificate.
To find the issuer organizational unit:
  1. Right-click the process or file and select Properties.
  2. From the Digital Signatures tab, select the first certificate you see on the signature list.
  3. Select the certificate and click Details.
  4. Select View Certificate.
  5. Go to the Details tab and select Issuer.
If included in the certificate, the issuer OU will be displayed.

Issuer Organization

This property, which is currently only supported on Windows, specifies the issuer organization (O) of the software certificate.
To find the issuer organization:
  1. Right-click the process or file and select Properties.
  2. From the Digital Signatures tab, select the first certificate you see on the signature list.
  3. Select the certificate and click Details.
  4. Select View Certificate.
  5. Go to the Details tab and select Issuer.
If included in the certificate, the issuer O will be displayed.

Issuer Locality

This property, which is currently only supported on Windows, specifies the issuer locality (L) of the software certificate.
To find the issuer locality:
  1. Right-click the process or file and select Properties.
  2. From the Digital Signatures tab, select the first certificate you see on the signature list.
  3. Select the certificate and click Details.
  4. Select View Certificate.
  5. Go to the Details tab and select Issuer.
If included in the certificate, the issuer L will be displayed.

Issuer State or Province

This property, which is currently only supported on Windows, specifies the issuer state or province (S) of the software certificate.
To find the issuer state or province:
  1. Right-click the process or file and select Properties.
  2. From the Digital Signatures tab, select the first certificate you see on the signature list.
  3. Select the certificate and click Details.
  4. Select View Certificate.
  5. Go to the Details tab and select Issuer.
If included in the certificate, the issuer S will be displayed.

Issuer Country

This property (currently supported on Windows only) specifies the issuer country (C) of the software certificate.
To find the issuer country:
  1. Right-click the process or file and select Properties.
  2. From the Digital Signatures tab, select the first certificate you see on the signature list.
  3. Select the certificate and click Details.
  4. Select View Certificate.
  5. Go to the Details tab and select Issuer.
If included in the certificate, the issuer C will be displayed.
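
The lookups described in the SHA-256, Vendor, Product name, Signer Name and Issuer sections above can also be done from PowerShell in one pass. This is an added example, not Trend Micro's code; the function name Get-TrustRulePropertyValue and the output property names are hypothetical, and it reads the file's primary Authenticode signature as returned by Get-AuthenticodeSignature.

```powershell
# Added example: gather the values the trust rule properties on this page expect.
function Get-TrustRulePropertyValue {          # hypothetical helper name
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
    $cert = $sig.SignerCertificate

    # Break the issuer distinguished name into its attributes (CN, OU, O, L, S, C).
    $issuer = @{}
    if ($cert) {
        $flags = [System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags]'UseNewLines, DoNotUseQuotes'
        foreach ($line in ($cert.IssuerName.Decode($flags) -split "`r?`n")) {
            $key, $value = $line -split '=', 2
            $key = "$key".Trim()
            # Keep the first value when an attribute appears more than once.
            if ($key -and -not $issuer.ContainsKey($key)) { $issuer[$key] = "$value".Trim() }
        }
    }

    [pscustomobject]@{
        Path            = $item.FullName
        SHA256          = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        Vendor          = $item.VersionInfo.CompanyName   # "Company" column in File Explorer
        ProductName     = $item.VersionInfo.ProductName
        SignatureStatus = $sig.Status                     # anything but Valid: signer fields are unverified
        SignerName      = if ($cert) { $cert.GetNameInfo('SimpleName', $false) }
        IssuerCN        = $issuer['CN']
        IssuerOU        = $issuer['OU']
        IssuerO         = $issuer['O']
        IssuerL         = $issuer['L']
        IssuerS         = $issuer['S']
        IssuerC         = $issuer['C']
    }
}

# Usage: pass the absolute path of the source process or the target file.
Get-TrustRulePropertyValue -Path "$env:SystemRoot\System32\notepad.exe"
```

Issuer attributes that the certificate does not contain come back empty, matching the "if included in the certificate" wording above.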