Authorization for signed code
My response team uses Microsoft's PSTools. Sophos classifies them as PUA / Adware. I can go into my AV/HIPS policy and exempt file names, but that lets malicious actors hide from Sophos by using the same name. I can go into Authorization and exempt those that have already been detected, but I can't pre-emptively whitelist a tool that hasn't triggered an alert yet. I would prefer to be able to whitelist any EXE code that carries a legit Microsoft signature.