CIS is supposed to be an integrated suite, and in the case of Trusted Application, the current Treat this application as is confusing and seemingly redundant because the same predefined policy name is used for more than one component (Firewall and Defense+).
I don’t think it makes sense to many (most?) users to have to tell CIS twice that a given application should be Trusted – they will tend to think something is wrong with the software. I know I did.
If the response to any CIS alert is to treat foo.bar as a Trusted Application, then I think foo.bar should be Trusted throughout the CIS suite, not just in one component.
This is different from predefined policies that are unique to a given component.
What I think may be needed is to make Trusted Application a special global predefined policy, or possibly with separate (a) Trusted by component and (b) Trusted by all of CIS policies.
Thanks for CIS and for listening,
John