In CIS 5 it is possible to make files ‘Trusted Files’ using Trusted Files link under Defense Plus. (This is the equivalent of ‘My Safe Files’ in CIS 4.x). It is also possible to make files ‘Trusted applications’ using the Computer Security Policy.
The Trusted Files and Trusted Applications policies are quite similar, however there are important differences:
- A Trusted File is not automatically sandboxed. A trusted application will be sandboxed unless it is also a trusted file
- Trusted Files can execute Trusted Files without requesting permission but not trusted applications, trusted applications cannot run trusted files or applications without asking permission first
- The predefined policy for Trusted Applications can be changed in ‘Predefined Policies’ that for Trusted Files cannot.
- Files can be given Trusted File status automatically by CIS if they are declared safe when looked up on the cloud white list. They cannot be made Trusted Applications automatically by CIS
- Signed files from Trusted Vendors are regarded as Trusted Files not Trusted Applications
- Trusted Files by default are allowed outbound access to the internet, Trusted Applications are not (unless also made trusted using firewall settings).
- Trusted files are identified by hash, trusted applications by path and name.
So broadly speaking you can regard Trusted Files as being related to the automated facilities in CIS, Trusted Applications to the manual facilities.
[i]Please help us improve this introduction by posting suggestions to the ‘Sandbox help materials - Feedback topic’ here.
This introduction has been prepared by a volunteer moderator – with input from many other moderators (Thanks everyone). It has been produced on a best endeavours basis - it will be added to and corrected as we find out more about the sandbox. Please note that I am not a member of staff and therefore cannot speak on behalf of Comodo.[/i]