Creating an application category with content added automatically

Expand all | Collapse all

To create an application category with content added automatically:

1. In the console tree, in the Advanced → Application management folder select the Application categories subfolder.
2. Click the New category button to start the New Category Wizard.

   In the Wizard window, select Category with content added automatically as the user category type.

3. In the Repository folder window, specify the relevant settings:
   • Path to folder for automatic category content addition

     In this field, specify the path to the folder in which Administration Server will regularly search for executable files. The path to this folder is specified when the category is created. The path to this folder cannot be changed.

   • Include dynamic-link libraries (DLL) in this category

     The application category includes dynamic-link libraries (files in DLL format), and the Application Control component logs the actions of such libraries running in the system. Including DLL files in the category may lower the performance of Kaspersky Security Center.

     By default, this check box is cleared.

   • Include script data in this category

     The application category includes data on scripts, and scripts are not blocked by Web Threat Protection. Including the script data in the category may lower the performance of Kaspersky Security Center.

     By default, this check box is cleared.

   • Hash value computing algorithm

     Depending on the version of the security application installed on devices on your network, you must select an algorithm for hash value computing by Kaspersky Security Center for files in this category. Information about computed hash values is stored in the Administration Server database. Storage of hash values does not increase the database size significantly.

     SHA-256 is a cryptographic hash function: no vulnerabilities have been found in its algorithm, and so it is considered the most reliable cryptographic function nowadays. Kaspersky Endpoint Security 10 Service Pack 2 for Windows and later versions support SHA-256 computing. Computing of the MD5 hash function is supported by all versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows.

     Select either of the options of hash value computing by Kaspersky Security Center for files in the category:

     • If all instances of security applications installed on your network are Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions, select the SHA-256 check box. We do not recommend that you add any categories created according to the criterion of the SHA-256 hash of an executable file for versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows. This may result in failures in the security application operation. In this case, you can use the MD5 cryptographic hash function for files of the category.
     • If any versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows are installed on your network, select the MD5 hash. You cannot add a category that was created based on the criterion of the MD5 checksum of an executable file for Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions. In this case, you can use the SHA-256 cryptographic hash function for files of the category.

     If different devices on your network use both earlier and later versions of Kaspersky Endpoint Security 10, select both the SHA-256 check box and the MD5 hash check box.

     The Calculate SHA-256 for files in this category (supported by Kaspersky Endpoint Security 10 Service Pack 2 for Windows and any later versions) check box is selected by default.

     The Calculate MD5 for files in this category (supported by versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows) is cleared by default.

   • Force folder scan for changes

     If this option is enabled, the application regularly checks the folder of category content addition for changes. You can specify the frequency of checks (in hours) in the entry field next to the check box. By default, the time interval between forced checks is 24 hours.

     If this option is disabled, the application does not force any checks of the folder. The Server attempts to access files if they have been modified, added, or deleted.

     By default, this option is disabled.

   • Force folder scan for changes

     In this field, you can specify the time interval (in hours) after which the application starts a forced check for changes to the folder of automatic category content addition. By default, the time interval between forced checks is 24 hours. This field is available if the Force folder scan for changes check box is selected.

     By default, this check box is cleared.

4. Follow the instructions of the Wizard.

When the Wizard completes, an application category with content added automatically is created. You can view the newly created category using the list of categories in the workspace of the Application categories folder.