Forum Discussion
WDATP - Auditing and Certificate questions
Hello everyone, I'm currently testing WDATP and have two questions: Auditing: As far as I know, the only possible way for auditing (e. g. User xyz initiated a live response session or user xyz ...
Hence no one replyed to this post so far, I did some more research and got an answer about the certificat questions:
- According to some folks from Microsoft, you should use the actual codesigningcertificat, if you want to whitelist (e. g. "allow") a certificate.
- If you want to block an untrusted chain, you can use the Root CA of this chain.
Best regards
Stefan