I suspect whitelisting ccmexec.exe won't achieve the goal you have in mind. That will allow that particular application to run, but depending on your policies (execution restrictions), Traps may block the execution from Temp folders. Ultimately, you are looking to whitelist the corporate apps that will be running, not ccmexed.exe, right? Here are a few of suggestions: If these apps don't change often, whitelist their hashes by adding an Admin Override Policy (in the Hash Control table) for each application. That will allow them to run anywhere in the environment. If it is possible to control which folder these apps are executed in when they are downloaded, I would choose a specific folder (other than C:\Temp and other "standard" temp directories) and whitelist the folder as well (in Execution Restrictions). If these apps change often, run them on a Traps-protected machine (anywhere in your environment) before distributing them. That way, you can ensure that if they are blocked by Traps for whatever reason (and are presumably quarantined), your admins can restore the apps and thereby whitelisting them across the environment. Keep in mind that the Execution Restrictions are always checked, regardless of which other malware prevention methods are invoked. So be sure to verify these restrictions match what you're looking to set up.
... View more