Kaspersky Security Center 13.1
Adding event-related executable files to the application category
You can add executable files related to the Application startup prohibited and Application startup prohibited in test mode events to an existing application category with content added manually or to a new application category.
To add executable files related to Application Control events to the application category:
- In the console tree, select the node with the name of the required Administration Server.
- In the workspace of the node, select the Events tab.
- On the Events tab, select the required events.
- In the context menu of one of the selected events, select Add to category.
- In the Action on executable file related to the event window that opens, specify the relevant settings:
Select one of the following:
- Add to a new application category
Select this option if you want to create a new application category.
Click the OK button to start the Create User Category Wizard. When the Wizard completes, the category with the specified settings is created.
By default, this option is not selected.
- Add to an existing application category
Select this option if you have to add rules to an existing application category. Select the relevant category in the list of application categories.
This option is selected by default.
In the Rule type section, select one of the following settings:
- Add to category
Select this option if you have to add rules to the conditions of the application category.
This option is selected by default.
- Rules for adding to exclusions
Select this option if you want to add rules to the exclusions of the application category.
In the File info type section, select one of the following settings:
- Certificate details (or SHA-256 hashes for files without certificate)
Files may be signed with a certificate. Multiple files may be signed with the same certificate. For example, different versions of the same application may be signed with the same certificate, or several different applications from the same vendor may be signed with the same certificate. When you select a certificate, several versions of an application or several applications from the same vendor may end up in the category.
Each file has its own unique SHA-256 hash. When you select an SHA-256 hash, only one corresponding file, for example, the defined application version, ends up in the category.
Select this option if you want to add to the category rules the certificate details of an executable file (or the SHA-256 hash for files without a certificate).
By default, this option is selected.
- Certificate details (files without a certificate will be skipped)
Files may be signed with a certificate. Multiple files may be signed with the same certificate. For example, different versions of the same application may be signed with the same certificate, or several different applications from the same vendor may be signed with the same certificate. When you select a certificate, several versions of an application or several applications from the same vendor may end up in the category.
Select this option if you want to add the certificate details of an executable file to the category rules. If the executable file has no certificate, this file will be skipped. No information about this file will be added to the category.
- Only SHA-256 (files without hash will be skipped)
Each file has its own unique SHA-256 hash. When you select an SHA-256 hash, only one corresponding file, for example, the defined application version, ends up in the category.
Select this option if you want to add only the details of the SHA-256 hash of the executable file.
- Only MD5 (discontinued mode, only for Kaspersky Endpoint Security 10 Service Pack 1 version)
Each file has its own unique MD5 hash. When you select an MD5 hash, only one corresponding file, for example, the defined application version, ends up in the category.
Select this option if you want to add only the details of the MD5 hash of the executable file. Computing the MD5 hash is supported by Kaspersky Endpoint Security 10 Service Pack 1 for Windows and all earlier versions.
- Click OK.
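Before choosing a File info type, it helps to see which of the event-related files carry a signer certificate (and would therefore be added by certificate, covering every file signed with it) and which would fall back to a SHA-256 hash. The following PowerShell is an added example, not Kaspersky code and not part of the original page. The function name `Get-CategoryRulePreview` and the sample paths are assumptions, as is treating a file as "having a certificate" whenever a signer certificate is returned; it does not reproduce how Kaspersky Security Center evaluates certificates.

```powershell
# Added example (not Kaspersky code): preview what the default
# "Certificate details (or SHA-256 hashes for files without certificate)"
# choice would key on for each executable.
function Get-CategoryRulePreview {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path   # executables named in the Application Control events
    )
    foreach ($p in $Path) {
        $file = Get-Item -LiteralPath $p -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $sha  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

        # Assumption: "has a certificate" means a signer certificate is present.
        $cert = $sig.SignerCertificate
        [pscustomobject]@{
            File     = $file.FullName
            RuleType = if ($cert) { 'Certificate' } else { 'SHA256' }
            # A certificate rule matches every file signed with that certificate;
            # a SHA-256 rule matches this exact file only.
            RuleKey  = if ($cert) { $cert.Thumbprint } else { $sha }
            Signer   = if ($cert) { $cert.Subject } else { $null }
            SigState = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
            SHA256   = $sha
        }
    }
}

# Sample input (constructed for illustration): two Windows binaries.
$sample = @(
    (Join-Path $env:SystemRoot 'System32\notepad.exe'),
    (Join-Path $env:SystemRoot 'System32\cmd.exe')
)
$preview = Get-CategoryRulePreview -Path $sample

# Per-file view.
$preview | Format-Table File, RuleType, SigState, Signer -AutoSize

# Files sharing one RuleKey would be covered by the same rule. Review any
# certificate whose signer you did not expect, and any SigState other than Valid.
$preview | Group-Object RuleType, RuleKey |
    Select-Object Count,
        @{ n = 'RuleType'; e = { $_.Group[0].RuleType } },
        @{ n = 'Signer';   e = { $_.Group[0].Signer } },
        @{ n = 'Files';    e = { $_.Group.File -join '; ' } }
```

The grouped output counts only the files you passed in; a certificate-based rule will also match other files signed with the same certificate that are not in the list.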