Page 1 of 1

Feature Suggestion: Certificate Based Global Rules

Posted: Thu Jul 06, 2017 6:34 am
by jasmas
I appreciate the conceptual idea behind the current implementation of Global Rules and Managed Folders, but am hesitant to use either because I'd like to be able to rely on Vallum to catch malicious software if it is hidden in default executable directories or attempting to access iCloud. What would be really useful is if I could create global rules based on trusted certificates. I'd like to be able to create global rules based on either specific trusted developer signing certificates or trusted CAs and intermediate authorities with inheritance. It would also be useful if when prompted by Vallum a global rule could be created right from the prompt based on the application's signature to either trust either the specific certificate used to sign the executable or all certificates issued by a CA in the chain of authority. This would give me an easy way to trust all software shipped by Apple for example.

I'm not sure, but it may also help with the problem of how to create rules for scripting engines, such as python and ruby because the macOS code signing implementation is capable of signing and verifying signatures on the script files themselves.