I'm curious, for those in secure enterprise environments, when and why do you whitelist? Does the whitelist allow the executable to run without any checks at all - what if the executable becomes infected? Is there some CRC or hash digest that is compared to ensure it hasn't changed? What if it updates?
In general is whitelisting a big risk?