Safe and trusted files - are these different? [v4]

In version 4.x of CIS the ‘Safe files’ policy was introduced. However it is still possible to make files ‘Trusted’ using the Computer Security Policy.

The policies are quite similar, however there are important differences:

  • A safe file is not automatically sandboxed. A trusted file will be sandboxed unless it is also a safe file
  • Safe files can run safe files, trusted files cannot run trusted files
  • The predefined policy for trusted files can be changed in ‘Predefined Policies’ that for safe files cannot.
  • Files can be given safe status when if they are declared safe when looked up on the cloud safe list. They cannot be made trusted
  • Somewhat confusingly, signed files from Trusted Vendors are regarded as safe not trusted.

So broadly speaking you can regard safe files as being related to the automated facilities in CIS, trusted files to the manual facilities.

[i]Please help us improve this introduction by posting suggestions to the ‘Sandbox help materials - Feedback topic’ here.

This introduction has been prepared by a volunteer moderator – with input from many other moderators (Thanks everyone). It has been produced on a best endeavours basis - it will be added to and corrected as we find out more about the sandbox. Please note that I am not a member of staff and therefore cannot speak on behalf of Comodo.[/i]

[Updated: 09 July 2010. Reflects CIS version]