File Rating Settings
-
A file's trust rating determines how Xcitium Client Security (XCS) handles the file on the endpoint.
-
The ratings are obtained from Xcitium's online file database, from the local XCS vendor list, and from the local XCS file list.
-
Whenever a file is accessed, XCS does a lookup on the online database, and also consults the two local lists.
The
file is classed as trusted if:
-
The app is from a vendor who has a 'Trusted' status in the local vendor list in XCS
-
The app is trusted in the online file database (aka, it is whitelisted)
-
The application/file is trusted in the local XCS 'File List'
Note: XCS uses Ports 4446 and 4447 of the endpoint computers for TCP and UDP connections to the cloud. If this option is enabled, we advise you keep these ports free and do not assign them to other applications. |
The interface lets you configure
the overall behavior of the file rating system on Windows devices to
which the profile is applied. You can also choose whether or not
local file ratings should be consulted.
Configure File rating settings
-
Click 'Assets' > 'Configuration Templates' > 'Profiles'
-
Click on the name of a Windows profile to open it's details page
Click the 'File Rating' tab, then 'Edit', if it has already been added to the profile
OR
Click 'Add Profile Section' > 'File Rating'' if it hasn't yet been added
The file rating screen has two tabs:
-
File Rating - Enable file rating and configure overall behavior.
-
Local Verdict Server Settings - Choose whether XCS should obey or ignore admin trust ratings which have been assigned to a file. Admins can assign a trust rating to a file in Xcitium at 'Security > 'Endpoint Security' > 'Application Control'. If disabled, file rating scans will only consider the local and Xcitium rating.
File Rating Configuration - Table of Parameters |
|
---|---|
Form Element |
Description |
Enable Cloud Lookup |
XCS automatically checks the reputation of files on Xcitium's file lookup service (FLS).
(Default = Enabled) |
Enable upload metadata of unknown files to the cloud |
XCS uploads anonymized information about unknown files to Xcitium servers. This allows us to analyze and whitelist/blacklist files more effectively.
(Default = Enabled) |
Show Cloud Alert |
XCS can show an alert on the device when malware is found during a file rating scan. Users can block or allow the malware from the alert.
(Default = Disabled) |
Detect potentially unwanted applications |
A potentially unwanted application (PUA) is an app that:
PUAs include adware and browser toolbars. They are often installed as an extra when the user is installing an unrelated piece of software. Unlike malware, many PUA's are legitimate pieces of software with their own EULA agreements. However, the true functionality of the software may not have been made clear to the end-user at the time of installation. For example, a browser toolbar may also contain code that tracks a user's activity on the Internet. XCS will show an alert on the endpoint if it detects a PUA and a log entry is created. (Default = Disabled) |
Auto-Purge is enabled |
XCS checks the file list and removes invalid and obsolete entries. You can specify the interval at which the check should take place. (Default = Enabled ) |
Auto Purge Period |
The time interval at which auto-purge operations are performed.
(Default = Four hours) |
Custom FLS access ports |
Define custom ports through which the file lookup service will connect.
(Default = Disabled) |
Use proxy when performing Cloud Lookup | If enabled ,XCS submits files to FLS for analysis through a proxy. The proxy server is same one that is defined for program and database updates. (Default = Disabled) |
Enable report for non-executable files |
If enabled, XCS sends a report on files identified as non-executable to Xcitium on each file rating scan. (Default = Enabled ) |
Show non-executable files |
If enabled, non-executable files will also be
added to the 'File List' interface of XCS on the endpoint. (Default = Enabled ) |
-
Click 'Save' to apply your file rating settings.
Local Verdict Server Settings - Table of Parameters |
|
---|---|
Form Element |
Description |
Enable Local Verdict Server |
Choose whether XCS should consider the admin trust rating assigned to a file. (Default = Enabled)
|
Timeout for Unknown Files |
How often XCS should check Xcitium for new
ratings on files that are currently have no rating at all. (Default = 2 Minutes) |
Timeout for known files (Trusted, malware and Unrecognized) |
How often XCS should check Xcitium for new ratings on files that are currently rated as 'Trusted', 'Malware' or 'Unrecognized'. (Default = 1 Hour) |
Enable Synchronous Lookup | Able to suspend all online lookups in case of poor or lack of internet connection (Default = Disabled) |
-
Click 'Save' to apply your changes.