hjlbx

Question - How to Handle Installers?

Recommended Posts

Hello,

 

I have a few questions regarding installers:

 

1.  If the installer is from a trusted vendor and digitally signed, but the payload is not digitally signed,

     then this prompts an AMN query correct?

 

2.  If the installer is not from a trusted vendor and digitally unsigned there is an AMN query, correct?

 

3.  At a Behavioral Alert is it not best to "Allow Once" so as not to create an unnecessary Application

     Rule set for the installer?

 

     "Allow Always" creates an Application Rule set whereas "Allow Once" does not, correct?

 

Thanks.

Share this post


Link to post
Share on other sites

Hi hjlbx

 

I think you are making things unnecessarily complicated for yourself.  I don't use the opinion of others (AMN) to make decisions for me nor do I rely on certificates.  If I trust the vendor, and EIS doesn't alert when I download, I just go ahead and install it..  On some free stuff I might watch for certain exe's trying to install such as anything open candy, 

 

If I don't trust the vendor or know him, I have to ask why I am installing, and my try it in a VM first.

 

Pete

Share this post


Link to post
Share on other sites

1.  If the installer is from a trusted vendor and digitally signed, but the payload is not digitally signed,

     then this prompts an AMN query correct?

Not for the installer, no. Only for the payloads the installer may execute and only if the payload is not trusted. Also keep in mind that we don't trust every digital signature blindly and a file doesn't have to be digitally signed to be trusted automatically.

 

2.  If the installer is not from a trusted vendor and digitally unsigned there is an AMN query, correct?

Not necessarily.

 

3.  At a Behavioral Alert is it not best to "Allow Once" so as not to create an unnecessary Application

     Rule set for the installer?

 

     "Allow Always" creates an Application Rule set whereas "Allow Once" does not, correct?

Doesn't matter much to be honest. Installers are often removed after installation and so are the rules associated with them as we automatically remove rules for applications that no longer exist.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.