I am curious as to how peoples experience has been with Trusted Application list building. I am debating about basing it off of “signer” and not as granular as signer and each exe.
Reason being the environment we are deploying to is very large, 10,000+ and a wide variety of version for example MS Office 2003, 2007, 2010 each suite plus other products such as visio and project already build a lengthy list and the maintaining of that list. Is it that much of a risk if all Microsoft signer details are listed as trusted instead of all the variety of signer info (4-5) per EXE for MS Office…?
Any thoughts or feedback would greatly appreciated. I have to make a decision and I am at a total loss as to what would be best.
Also, solution will be growing to 20,000 systems.
Any other ideas or suggestions? Thanks in advance
I think the best practice is by starting deploying ePO on a test work stations and servers and put it on adaptive mode or learning mode and see the day to day use of those workstations and servers then use that policy and tighten up and deploy it to a large enviroment
Ian Zwirek wrote:
Where do the learned rules appear on the epo 4.6 server?
Learned client rules go into the Menu, Reporting, Host IPS 8.0 menu. Look for IPS Client Rules and Firewall Client Rules.