Configure trusted applications for Application-based File Encryption

You can define applications as trusted to grant them access to encrypted files. This is for example necessary to enable antivirus software to scan encrypted files.

Note: Child processes will not be trusted.
  1. In the Policies navigation area, create a new policy of the type General Settings or select an existing one.
  2. Under File Encryption, click the drop-down button of the Trusted Applications field.
  3. In the editor list box, enter the applications to be defined as trusted.
    • You can define multiple trusted applications in one policy. Each line in the editor list box defines one application.
    • Application names must end with .exe.
    • Application names must be specified as fully qualified paths including drive/directory information, for example c:\dir\example.exe. Entering the file name only (for example example.exe) is not sufficient. For better usability, the single line view of the application list only shows the file names separated by semicolons.
    • OS X: entering the application bundle only (for example /Applications/Scanner.app) is not sufficient. The application has to be specified as /Applications/Scanner.app/Contents/MacOS/Scanner.
    • Application names can contain the same placeholder names for Windows shell folders and environment variables as encryption rules in File Encryption policies. For a description of all available placeholders, see Placeholders for paths in location-based File Encryption rules.
  4. Save your changes.
Note: The Trusted Applications policy settings are machine settings. The policy must therefore be assigned to machines, not to users. Otherwise the settings do not become active.