Currently CIS has a Trusted vendors list containing a list of known vendors and their digital signature ID.
This list of vendors is allowed to run any signed program by default. However, this is not always desirable. Unfortunately, at the moment there is no real way to customise this behaviour: it is either on or off for all vendors listed, and every time CIS upgrades, any vendors the user chose to remove are put back again.
My proposal is to change the list so that there are three options (radio buttons) for each listed vendor, plus a date the vendor was added.
Trusted - Works as now
Validated - User gets a prompt (as now with vendors not on trusted list), but message could also mention the digital signature has been validated
Untrusted - Executable is not allowed to run
In addition, when CIS is upgraded only new entries are added (set as trusted by default) and existing entries are left alone. By having a date added field, users who wish can easily identify the newcomers.
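The proposal above, sketched as an added example that is not part of the original post and is not CIS code: the three per-vendor states, the date-added field, and an upgrade that adds only new vendors while leaving existing entries alone. All names and the sample vendors are hypothetical, and the handling of unsigned or invalid signatures is an assumption.

```python
from dataclasses import dataclass
from datetime import date

TRUSTED, VALIDATED, UNTRUSTED = "trusted", "validated", "untrusted"

@dataclass
class VendorEntry:
    state: str   # one of the three proposed options
    added: date  # the proposed "date added" field

def merge_on_upgrade(user_list, shipped_vendors, today):
    """Return the list after an upgrade: existing entries keep the user's
    state and original date; only vendors new to the list are added,
    set as Trusted by default."""
    merged = dict(user_list)
    for vendor in shipped_vendors:
        if vendor not in merged:
            merged[vendor] = VendorEntry(TRUSTED, today)
    return merged

def newcomers(vendor_list, since):
    """Vendors added on or after `since`, so new entries are easy to review."""
    return sorted(v for v, e in vendor_list.items() if e.added >= since)

def decide(vendor_list, signer, signature_valid):
    """Map a program launch to 'allow', 'prompt', 'prompt-validated' or 'block'.
    Assumption: an unsigned file (signer=None) or a signature that fails
    validation is treated like a vendor that is not on the list."""
    entry = vendor_list.get(signer) if signature_valid else None
    if entry is None:
        return "prompt"
    return {TRUSTED: "allow",
            VALIDATED: "prompt-validated",
            UNTRUSTED: "block"}[entry.state]

if __name__ == "__main__":
    # Constructed sample data: the user has already changed two entries.
    mine = {"Vendor A": VendorEntry(UNTRUSTED, date(2010, 1, 1)),
            "Vendor B": VendorEntry(VALIDATED, date(2010, 1, 1))}
    after = merge_on_upgrade(mine, ["Vendor A", "Vendor B", "Vendor C"],
                             date(2010, 6, 1))
    print(newcomers(after, date(2010, 6, 1)))        # only the new vendor
    for signer in ("Vendor A", "Vendor B", "Vendor C", "Vendor D", None):
        print(signer, "->", decide(after, signer, signature_valid=True))
```
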
I like your idea. The trusted vendor list is too far-reaching for my tastes. More user control is definitely needed here.
There have been many wishlist posts about the behavior of the trusted vendor list. Most often it is that the trusted vendor list keeps getting repopulated after every update. It’s not very fun to have to re-trim the list each time! It would be nice if CIS asked the user which (if any) new vendors the user would like to have added to their list instead of just adding them by default.
Also, the nomenclature “Defined By User” is assigned to all these vendors that the user didn’t actually define… 88)
I like the idea. In my opinion, what should be done is that by default all of them are initially Trusted.
If the user does nothing it will work as it is now, but by going into Defense+ you can manually change the status of each Vendor to your liking.