Find the desired product help

File Rating Settings


  • A file’s trust rating determines how Xcitium Client Security (XCS) handles the file on the endpoint.
  • The ratings are obtained from Xcitium's online file database, from the local XCS vendor list, and from the local XCS file list.
  • Whenever a file is accessed, XCS does a lookup on the online database, and also consults the two local lists.

The file is classed as trusted if:


  • The app is from a vendor who has a 'Trusted' status in the local vendor list in XCS.
  • The app is trusted in the online file database (aka, it is whitelisted).
  • The application/file is trusted in the local XCS ‘File List’

Note: XCS uses Ports 4446 and 4447 of the endpoint computers for TCP and UDP connections to the cloud. If this option is enabled, we advise you keep these ports free and do not assign them to other applications.


The interface lets you configure the overall behavior of the file rating system on Windows devices to which the profile is applied. You can also choose whether or not local file ratings should be consulted.


Configure File rating settings


  • Click 'Section'> 'XCS'>’File Rating’ > Click 'Edit
  • Select ‘File Rating’ 'if it does not configure yet. 

The file rating screen has two tabs:


  • File Rating - Enable file rating and configure overall behavior.
  • Local Verdict Server Settings - Choose whether XCS should obey or ignore admin trust ratings which have been assigned to a file. Admins can assign a trust rating to a file in Endpoint Manager at ‘Security Sub-Systems’ > ‘Application Control’. If disabled, file rating scans will only consider the local and Xcitium rating



File Rating Configuration - Table of Parameters

Form Element

Description

Enable Cloud Lookup

XCS automatically checks the reputation of files on Xcitium's file lookup service (FLS).

  • Disable this option if you do not want XCS to use the cloud-based file rating.

(Default = Enabled)

Enable upload metadata of unknown files to the cloud

 XCS uploads anonymized information about unknown files to Xcitium servers. This allows us to analyze and whitelist/blacklist files more effectively.

  • Disable this option if you do not want XCS to send metadata to Xcitium servers.

(Default = Enabled)

Show Cloud Alert

 XCS can show an alert on the device when malware is found during a file rating scan. Users can block or allow the malware from the alert.
  • Disable this option if you don't want users to see an alert. If disabled, XCS will automatically block and delete any discovered malware.

(Default = Disabled)

Detect potentially unwanted applications

A potentially unwanted application (PUA) is an app that:

  • A user may or may not be aware is installed on their computer.
  • May have functionality and objectives that are not clear to the user.

PUAs include adware and browser toolbars. They are often installed as an extra when the user is installing an unrelated piece of software. Unlike malware, many PUA's are legitimate pieces of software with their own EULA agreements. However, the true functionality of the software may not have been made clear to the end-user at the time of installation. For example, a browser toolbar may also contain code that tracks a user's activity on the Internet.


XCS will show an alert on the endpoint if it detects a PUA and a log entry is created.


(Default = Disabled)

Auto Purge is enabled

 XCS checks the file list and removes invalid and obsolete entries. You can specify the interval at which the check should take place.


(Default = Enabled)

Auto Purge Period

 The time interval at which auto-purge operations are performed.

  • Enter the time interval in hours.

(Default = Four hours)

Custom FLS access ports

Define custom ports through which the file lookup service will connect.

  • Select the protocol(s) and enter the port details for UDP or TCP connections.

(Default = Disabled)
Use proxy when performing Cloud Lookup  If enabled, XCS submits files to FLS for analysis through a proxy. The proxy server is same one that is defined for program and database updates.

(Default = Disabled)

Enable report for non-executable files

If enabled, XCS sends a report on files identified as non-executable to EM on each file rating scan.


(Default = Enabled)

Show non-executable files

If enabled, non-executable files will also be added to the 'File List' interface of XCS on the endpoint.


To access the file list in XCS, click 'Tasks' > 'Advanced Tasks' > 'Advanced settings' > 'Security settings' > 'File Rating' > 'File list'.


(Default = Enabled)

  • Click 'Save' to apply your file rating settings.


Local Verdict Server Settings


Local Verdict Server Settings - Table of Parameters

Form Element

Description

Enable Local Verdict Server

Choose whether XCS should consider the admin ratings assigned to a file. (Default = Enabled)
  • Admins can change the trust rating of a file in Endpoint Manager at ‘Security Sub-Systems’ > ‘Application Control’.

Timeout for Unknown Files

 How often XCS should check Endpoint Manager for new ratings on files that are currently have no rating at all.

(Default = 2 Minutes)

Timeout for known files (Trusted, malware and Unrecognized)

 How often XCS should check Endpoint Manager for new ratings on files that are currently rated as ‘Trusted’, ‘Malware’ or ‘Unrecognized’.

(Default = 1 Hours)

  • Click 'Save' to apply your changes.