File Ratings Explained
Xcitium Client Security (XCS) rates files on Windows devices as follows:
Files that could not be identified as 'Trusted' or 'Malicious' by Xcitium Client Security (XCS). You can review these files and can manually rate them as 'Trusted' or 'Malicious' as required.
Files that are safe to run. Files can be classed as safe by the following:
- File lookup service (FLS) - Whenever a file is accessed, Xcitium Client Security (XCS) checks the file’s reputation on Xcitium's online file database.
- Vendor rating - The app was created by a vendor who has a 'Trusted' status in the local vendor list. Open XCS > Click ‘Settings’ > ‘File Rating’ > ‘Vendor List’.
- Admin rating - You can assign a trusted rating to files in Endpoint Manager at 'Security Sub-Systems > 'Application Control'.
- User rating - Users can assign a trusted rating to a file in the XCS interface. There are two ways to do this:
- Security alert - If an executable is unknown then it may generate a HIPS alert on the local endpoint. Users could choose 'Treat this as a Trusted Application' at the alert
- File List - From the XCS home screen, click 'Settings' > 'File Rating' > 'File List'
XCS creates a hash of all files that a user classifies as 'Trusted'. So, even if the file name is changed it will keep its trust status because the hash remains same. This is particularly useful for developers creating new applications which, by their nature, are unknown to the Xcitium.
Files on the Xcitium blacklist will be quarantined or deleted by XCS. These files are reported to Endpoint Manager as malware.