Skip Navigation

Add files to safelist by certificate

You can add files to your
console safelist by certificate, allowing custom software that is properly signed to run without being quarantined by the agent. The timestamp, subject, issuer, and thumbprint information from the certificate is extracted by the console and allows administrators to establish a safelist by signed certificate, as represented by the SHA1 thumbprint.
does not check if the certificate is expired and does not save or upload the certificate to the console. The certificate timestamp is used to represent when the certificate was created. If the certificate changes, such as it is renewed or replaced, it should be added to the safe list in the management console. The safe list by certificate feature works with PowerShell, ActiveScript, and Office macros.
This feature currently works with
agents only
  1. In the console, on the menu bar, click
    Global Lists > Certificates
  2. Click
    Add New Entry
    . The
    Add Global List Entry
    modal displays.
  3. Drag and drop the certificate to the modal. Optionally, you can browse for the certificate.
  4. Select whether the certificate applies to executables or scripts. This allows you to add an executable or script by certificate instead of by folder location. Optionally, you can provide a reason for adding the certificate to the safe list.
  5. Click
    . The Issuer, Subject, Thumbprint, and Notes are added to the repository.