Let’s say you have an installer that is trusted by CIS (signed), you run it and it installs just fine without questions, and all files \ executables from that installer are whitelisted locally, so every time you actually run the application it’s also runs without questions.
Now let’s say something happened and you’ve reinstalled CIS, or cleaned entire “trusted files” list, so now when you run previously installed application, it most likely won’t be recognized.
So I ask, do you think CIS should somehow update it’s online whitelist with files that came from trusted installer? Or is it parhaps too much of a risk (since, although rare, sometimes malware signatures can be found in TVL)?
If the installer and vendor is trusted then the files spawned by this installer would most likely be trusted even after re-install because they would most likely still have the signature of a trusted vendor, though if it spawns files without any signatures and then after you reinstall those files would probably be unrecognized but I would blame that on the vendor that created the files since they didn’t sign all of the files that the installer drops.