Skip to content

White Cloud Security Trust Lockdown

Zero-Trust Audit for Malware & Unauthorized Software

March 1, 2025

Available on AWS Marketplace and on-prem Data Center Appliance

Trust Lockdown EPP – Zero-Trust Endpoint Protection

White Cloud Security Trust Lockdown provides Zero-Trust Endpoint Protection (EPP), enabling organizations to conduct a malware and unauthorized software audit on Windows and Windows Server endpoints.

Using the following procedure, security teams can identify all unapproved executables, libraries, and scripts running across their infrastructure.

  • Organize Endpoints into Security Groups by function (if desired)
  • Deploy Agents to start the Audit Process
  • Review the Policy Exceptions to identify unapproved software

NOTE: The deployed Agents will run in Audit Mode and not block any software.

3 steps to identify Unapproved software

  1. Create & Organize Security Groups

    • Create a Security Group for the endpoints to be audited.
    • The Default Policies will identify every Application running on each Endpoint.
      • To filter out Approved Apps, open the "Software I Can Trust" panel in the Security Group and trust all Approved Software Trust Profiles, including the "CERT Trust Repository" in the "Profiles I Can Trust" panel.

  2. Deploy Trust Lockdown Endpoint Agents

    • Click on the "Click to Download and Install" button
    • Click on "Download RMM Deployment Scripts"
    • Click on "Install Endpoint Agent"
    • Download or Copy the script for ruuning the deployment
    • Run this RMM PowerShell Installation script in your
      • RMM framework or
      • Active Directory Group Policy Objects
    • Note: This will install and activate the endpoint agents across Windows 10, 11, and Windows Server devices (2019, 2022, and 2025). (Legacy Windows Operating systems may not have PowerShell installed and may require an MSI package installation.)

  3. Analyze and refine the list of Unknown Software

    • Use the Monitor Mode Exceptions panel in the Dashboard.
    • Click on the "Open Pivot Table" button to review applications that are not approved in the White Cloud Security "vanilla trust-lists".
    • Add Trust for:
      • Code-Signing Certificates for Approved Vendors.
      • Handprints for Unsigned Apps that are Approved.
    • Use the Refresh button in the Pivot Table to reload it, filtering out approved software.

By leveraging Trust Lockdown’s Zero-Trust cybersecurity software audit model, organizations can identify malware, unauthorized software execution, and ensure that only authorized software is running on their endpoints.

Deployment Alternatives

  • MSPs, MSSPs, and auditors can deploy the Trust Lockdown Service on AWS, set up Security Groups, Admin accounts, and Organizational Roles, and connect client endpoints for auditing.
  • Organizations can deploy the service in their own AWS accounts, manage Security Group hierarchies, and grant access roles to MSPs, MSSPs, and auditors as needed.

Benefits of Using the Trust Lockdown Service on AWS

  • Data Privacy & Control: Organizations and their authorized contractors or auditors retain full control over cybersecurity data.
  • Flexible Storage Location: Ensure cybersecurity data is stored in a compliant and secure location.
  • Governed Backups: Organizations define policies for backing up and managing cybersecurity data.
  • Post-Audit Management: Retain, delete, or restore data as needed, following governance policies—whether in the AWS Trust Lockdown Service or a private MySQL database.