From deab45c26e76d8de2a2a0f195293fa92ed0723f1 Mon Sep 17 00:00:00 2001
From: Edward Marczak <marczak@radiotope.com>
Date: Thu, 28 Oct 2021 09:58:51 -0400
Subject: [PATCH] Add EnableBadSignatureProtection key

Add EnableBadSignatureProtection key and description into the configuration.md doc.
---
 docs/deployment/configuration.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md
index 85017cc86..ab6a442c0 100644
--- a/docs/deployment/configuration.md
+++ b/docs/deployment/configuration.md
@@ -23,6 +23,7 @@ Additionally, there are options that can be controlled by both.
 | FileChangesRegex*             | String     | The regex of paths to log file changes. Regexes are specified in ICU format. |
 | AllowedPathRegex*             | String     | A regex to allow if the binary or certificate scopes did not allow/block execution.  Regexes are specified in ICU format. |
 | BlockedPathRegex*             | String     | A regex to block if the binary or certificate scopes did not allow/block an execution.  Regexes are specified in ICU format. |
+| EnableBadSignatureProtection  | Bool       | Enable bad signature protection, defaults to NO. If this flag is set to YES, binaries with a bad signing chain will be blocked even in MONITOR mode, **unless** the binary is allowed by an explicit rule. |
 | EnablePageZeroProtection      | Bool       | Enable `__PAGEZERO` protection, defaults to YES. If this flag is set to YES, 32-bit binaries that are missing the `__PAGEZERO` segment will be blocked even in MONITOR mode, **unless** the binary is allowed by an explicit rule. |
 | MoreInfoURL                   | String     | The URL to open when the user clicks "More Info..." when opening Santa.app.  If unset, the button will not be displayed. |
 | EventDetailURL                | String     | See the [EventDetailURL](#eventdetailurl) section below. |