Knowledge Center

Binary is signed by a certificate, but an ‘Allow by Certificate’ rule cannot be created
Technical Articles ID:   KB85696
Last Modified:  9/24/2015


McAfee Application Control (MAC) 7.0.x


An Allow by Certificate rule cannot be created even though the binary is signed by a certificate.


There are a couple of possible causes/solutions:
  • The associated certificate is not an Embedded certificate.

    To allow the certificate, go to Menu, Application Control, Policy Discovery, Policy Discovery Details page. In the Request Details section, click the Lookup in TIE link and set the certificate reputation.

    Alternatively, you can search for the certificate hash under TIE Reputation, Certificate Search tab to set the certificate reputation.
  • The associated certificate is present in the Restricted Publisher Names list.

    It is not recommended to change the Restricted Publishers list. To view the list, go to Menu, Configuration, Server Settings, Solidcore, Restricted Publisher Names.

Rate this document

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.