Installer and Updater

several of my programs are tagged as Installer and updater. Thats okay but that option doesn’t exist under the predefined policies so how do I find out what is actually being applied to the files.

     Is there anywhere you can find suggested setups for web browsers or other types of programs which exist under computer network policies but not under computer security predefined policies. Otherwise they tend to end up open everything is allowed,


From the top of my head. Installer/Updater is allowed everything Trusted Application is allowed to plus it can start other applications several layers deep. It is a pretty powerful policy.

It is odd it does not show up in the predefined policies list even with CIS set to not use the sandbox (which will make the Installer/Updater a choice in the alerts). A minor bug if you ask me.