Secure Endpoint - warn trusted

cheivilin
Level 1

I am newer to the Secure Endpoint product and cannot find in the user guide or our current documentation for a warn trusted cert. I am assuming with the amount of software etc. that is out there this could be a pretty normal occurrence and to keep an eye on this. But wanted to get an objective opinion.

 

This is what I see with the device trajectory of the event:

File signed by Wavesor Software with certificate serial 04e41f85c676a21263778bd92dfbbbb8 from DigiCert EV Code Signing CA (SHA2). Expires 23:59:59, Wed Jan 25 2023 UTC. the certificate was warn trusted

1 Accepted Solution

Accepted Solutions

Hello @lajolla95 ,
a certificate issue does not outline if there is a threat active on an endpoint. Even legitimate older software is signed with an outdated certificate. What type of events are shown for the particular endpoint? Is there an Inbox instance raised? What is the disposition of the file hash? Any insights from Threat Response? 

There are many options in Secure Endpoint showing you if there is something wrong with the endpoint, in addition to the Certificate information.
Greetings,
Thorsten


6 Replies

Troja007
Cisco Employee

Hello @cheivilin ,
just wanted to check if I understood your question right. You want to configure some kind of rule which gives you an alert if a file with a specific certificate has been seen, right?
Greetings, Thorsten

No, I am trying to figure out if "warn trusted" is something I should be concerned with.

Thank you very much. My assumption was this as it is built on IE 11 architecture for a third party software for automotive techs.

It means there was a cert warning but either the software overrode it, or a user ok'd it.
Wavesor is a maker of the Wave Browser... you'll want to get that off the machine.


thank you