While a blacklist is a collection of everything that is known to be malicious and needs to be blocked from a system, a whitelist is a list of everything that is known to be safe and always allowed on a particular host or system. A whitelisting approach means only allowing known good entities/behaviors into the system. DPP uses whitelisting in its host protection module to control which files, libraries, and dll's are allowed to run a protected host. Unless the DPP probe is running in Pristine Mode, which additionally whitelists every file that was already on the host machine before DPP install, all files, libraries, and dll's must either pass a reversing labs check or be explicitly added by the customer to make the whitelist.