When the monitor is enabled, the Trusted Application functionality will be active on the server. Disable or delete the monitor to stop
the Trusted Application functionality. There is an approximate 30 second delay from disabling/deleting the monitor until the Trusted Application
functionality is completely disabled.
The monitor allows specifying Test Mode (where file activity is not actually blocked) or Block Mode which is the production setting.
Alerting for blocked files can also be enabled.
If you need to temporarily disable the monitoring and checking of a Trusted Application monitor, click the Pause Rules button. This is useful in situations where new
software needs to be installed (sometimes installer components are not signed).
If you need to temporarily disable Trusted Applications on an Endpoint, go to Endpoint Services > Endpoint Operations. There you can filter the Endpoint list to
just those you want to disable the checking on, and then click the "Pause Trusted Application Checking" button on the right. This will disable checking for 15 minutes.
When this monitor runs, it will record any files that are blocked for which reports can be run. There is also an interactive Trusted Applications Warning
viewer that can be used to help fine tune the system.