The Applications tab in the Policies section of the Admin Web Console is where Applications can be defined, either by Process name or by Command Line Regular Expression (RegEx). These Application groups can be applied to policies, allowing granular control over which applications on the client machine are allowed to use, or prohibited from using, the certificate associated with the policy.
Creating an Application Group
Select Add Application Group from the Applications tab in the Policies section of the Admin Web Console. This will bring up a new window to define the application group.
Application Group Name
The name for this application group.
The name of the application (without the extension) to define, for example “mmc” or “signtool” to reference the Microsoft Management Center or Microsoft’s Signtool respectively. To allow any application, enter a period followed by an asterisk [ .* ], which acts as a wildcard. If desired, multiple processes can be added.
The Command line option allows for defining a RegEx that will look at the command being run and match it to the defined expression. This can be useful in situations where you may want to enforce the use of specific properties like a Time Stamp Authority or other settings when the certificate is being used.
In the example below a RegEx is used to define a locally running Time Stamp Authority using the /t flag in Microsoft's Signtool for generating Authenticode signatures.
After entering the desired process or command line expression, select Add and it will be added to the application group. You can hover over the added process to copy it or delete it.
To test the process or command line expression after it has been added, use the “Search Coincidences” field, which checks whether the entered text matches any properties that have been added to this application group. Enter the text to test and select Test. Signum returns a warning through the UI if nothing is found, or a success message with the number of elements matched.
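Before entering a command line expression, it helps to check it offline against commands that should and should not match. The following is an added example, not taken from the Signum documentation. It compares a loosely written expression for the Signtool /t flag with a stricter one. The Time Stamp Authority URL and the command lines are constructed, and Python's re.search is assumed to stand in for Signum's matching, whose RegEx dialect this page does not state, so confirm the final expression with Search Coincidences.

```python
import re

# Constructed value: URL of a locally running Time Stamp Authority.
TSA_URL = "http://127.0.0.1:8080/tsa"

# Naive expression: the dots match any character and nothing ends the URL.
NAIVE = r"/t http://127.0.0.1:8080/tsa"


def build_tsa_pattern(url):
    """Require '/t <url>' as whole, whitespace-delimited arguments."""
    # re.escape makes every dot literal; the trailing group ends the URL.
    return r"(?:^|\s)/t\s+" + re.escape(url) + r"(?:\s|$)"


# Constructed signtool command lines, each with the result the policy wants.
CASES = [
    # Timestamped against the approved authority.
    ("signtool sign /a /fd SHA256 /t http://127.0.0.1:8080/tsa app.exe", True),
    # No timestamp flag at all.
    ("signtool sign /a /fd SHA256 app.exe", False),
    # Same host, different path.
    ("signtool sign /a /t http://127.0.0.1:8080/tsa-test app.exe", False),
    # Different host that an unescaped dot would accept.
    ("signtool sign /a /t http://127-0-0-1:8080/tsa app.exe", False),
]


def mismatches(pattern, cases=CASES):
    """Return the command lines where the pattern disagrees with the policy."""
    rx = re.compile(pattern)
    return [cmd for cmd, expected in cases if bool(rx.search(cmd)) != expected]


if __name__ == "__main__":
    for name, pattern in (("naive", NAIVE), ("strict", build_tsa_pattern(TSA_URL))):
        bad = mismatches(pattern)
        print(f"{name}: {pattern}")
        print("  agrees with every case" if not bad else f"  wrong on: {bad}")
```

The naive expression accepts the last two command lines even though neither uses the approved authority; the strict one agrees with all four cases.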