Kaspersky Security Center 13.1
[Topic 184060]

Scenario: Application Management

You can manage application startup on user devices by allowing or blocking applications from running on managed devices. This functionality is implemented by the Application Control component. You can manage applications installed on Windows devices.

Prerequisites

  • Kaspersky Security Center is deployed in your organization.
  • The Kaspersky Endpoint Security for Windows policy is created and is active.

Stages

The Application Control usage scenario proceeds in stages:

  1. Forming and viewing the list of applications on client devices

    This stage helps you find out what applications are installed on managed devices. You can view the list of applications and decide which applications you want to allow and which you want to prohibit, according to your organization's security policies. The restrictions can be related to the information security policies in your organization. You can skip this stage if you know exactly what applications are installed on managed devices.

    How-to instructions:

  2. Forming and viewing the list of executable files on client devices

    This stage helps you find out what executable files are found on managed devices. View the list of executable files and compare it with the lists of allowed and prohibited executable files. The restrictions on executable file usage can be related to the information security policies in your organization. You can skip this stage if you know exactly what executable files are installed on managed devices.

    How-to instructions:

  3. Creating application categories for the applications used in your organization

    Analyze the lists of applications and executable files stored on managed devices. Based on the analysis, create application categories. It is recommended to create a "Work applications" category that covers the standard set of applications that are used at your organization. If different user groups use different sets of applications in their work, a separate application category can be created for each user group.

    Depending on the set of criteria used to create an application category, you can create application categories of three types.

    How-to instructions:

  4. Configuring Application Control in the Kaspersky Endpoint Security for Windows policy

    Configure the Application Control component in the Kaspersky Endpoint Security for Windows policy using the application categories you created in the previous stage.

    How-to instructions:

  5. Turning on Application Control component in test mode

    To ensure that Application Control rules do not block applications required for users' work, it is recommended to enable testing of Application Control rules and analyze their operation after creating new rules. When testing is enabled, Kaspersky Endpoint Security for Windows will not block applications whose startup is forbidden by Application Control rules, but will instead send notifications about their startup to the Administration Server.

    When testing Application Control rules, it is recommended to perform the following actions:

    • Determine the testing period. The testing period can vary from several days to two months.
    • Examine the events resulting from testing the operation of Application Control.

    How-to instructions for Kaspersky Security Center 13.1 Web Console: Configuring Application Control component in the Kaspersky Endpoint Security for Windows policy. Follow this instruction and enable the Test Mode option during configuration.

  6. Changing the application categories settings of Application Control component

    If necessary, make changes to the Application Control settings. Based on the test results, you can add executable files related to events of the Application Control component to an application category with content added manually.

    How-to instructions:

  7. Applying the rules of Application Control in operation mode

    After Application Control rules are tested and configuration of application categories is complete, you can apply the rules of Application Control in operation mode.

    How-to instructions for Kaspersky Security Center 13.1 Web Console: Configuring Application Control component in the Kaspersky Endpoint Security for Windows policy. Follow this instruction and disable the Test Mode option during configuration.

  8. Verifying Application Control configuration

    Make sure that you have done the following:

    • Created application categories.
    • Configured Application Control using the application categories.
    • Applied the rules of Application Control in operation mode.

Results

When the scenario is complete, application startup on managed devices is controlled. Users can start only those applications that are allowed in your organization and cannot start applications that are prohibited in your organization.

For detailed information about Application Control, refer to Kaspersky Endpoint Security for Windows Online Help and to the Kaspersky Security for Virtualization Light Agent.

[Topic 183681_1]

About Application Control

The Application Control component monitors users' attempts to start applications and regulates the startup of applications by using Application Control rules.

The Application Control component is available for Kaspersky Endpoint Security for Windows and for Kaspersky Security for Virtualization Light Agent. All the instructions in this section describe configuration of Application Control for Kaspersky Endpoint Security for Windows.

Startup of applications whose settings do not match any of the Application Control rules is regulated by the selected operating mode of the component:

  • Denylist. The mode is used if you want to allow the startup of all applications except the applications specified in block rules. This mode is selected by default.
  • Allowlist. The mode is used if you want to block the startup of all applications except the applications specified in allow rules.

The Application Control rules are implemented through application categories. You create application categories defining specific criteria. In Kaspersky Security Center there are three types of application categories:

For detailed information about Application Control, refer to Kaspersky Endpoint Security for Windows Online Help and to the Kaspersky Security for Virtualization Light Agent.
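The mode semantics above, as an added example rather than Kaspersky's implementation: a simplified Python model in which a rule is a set of application categories, a category contains a file if any condition matches and no exclusion does (an assumption), and Test Mode turns a block into the "Application startup prohibited in test mode" event. Users and groups are left out, and the inventory, hashes, vendors and paths are constructed.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Event names as they appear in this documentation.
PROHIBITED = "Application startup prohibited"
PROHIBITED_TEST = "Application startup prohibited in test mode"


def _ver(text, width=4):
    """'5.0' -> (5, 0, 0, 0) so that 5.0 and 5.0.0 compare as equal."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


# Hypothetical criterion builders; each returns a predicate over a file record.
def by_hash(digest):
    return lambda f: f["sha256"] == digest


def by_path(mask):
    # Windows paths are case-insensitive, so compare lowercased.
    return lambda f: fnmatchcase(f["path"].lower(), mask.lower())


def by_metadata(vendor, version_gt):
    # Models a "greater than 5.0" style version condition.
    return lambda f: f["vendor"] == vendor and _ver(f["version"]) > _ver(version_gt)


@dataclass
class Category:
    name: str
    conditions: list = field(default_factory=list)
    exclusions: list = field(default_factory=list)

    def contains(self, f):
        if any(x(f) for x in self.exclusions):
            return False
        return any(c(f) for c in self.conditions)


def decide(f, mode, categories, test_mode):
    """Return (action, event) for one startup attempt."""
    if mode not in ("denylist", "allowlist"):
        raise ValueError("mode must be 'denylist' or 'allowlist'")
    in_rules = any(c.contains(f) for c in categories)
    # Denylist: rules are block rules. Allowlist: rules are allow rules.
    prohibited = in_rules if mode == "denylist" else not in_rules
    if not prohibited:
        return ("start", None)
    if test_mode:
        return ("start", PROHIBITED_TEST)  # not blocked, only reported
    return ("block", PROHIBITED)


def dry_run(inventory, mode, categories):
    """Paths that would stop starting once Test Mode is disabled."""
    return [f["path"] for f in inventory
            if decide(f, mode, categories, test_mode=False)[0] == "block"]


# Constructed inventory; the digests are placeholders, not real hashes.
INVENTORY = [
    {"path": r"C:\Program Files\Office\winword.exe", "vendor": "Contoso",
     "version": "16.0", "sha256": "a" * 64},
    {"path": r"C:\Program Files\Viewer\viewer.exe", "vendor": "Example Soft",
     "version": "4.2", "sha256": "b" * 64},
    {"path": r"C:\Tools\viewer.exe", "vendor": "Example Soft",
     "version": "5.1", "sha256": "d" * 64},
    {"path": r"C:\Program Files\Office\addin.exe", "vendor": "Contoso",
     "version": "1.0", "sha256": "c" * 64},
]

WORK = Category(
    "Work applications",
    conditions=[by_path(r"C:\Program Files\Office\*"),
                by_metadata("Example Soft", "5.0")],
    exclusions=[by_hash("c" * 64)],
)

if __name__ == "__main__":
    for mode in ("denylist", "allowlist"):
        print(mode, "would block:", dry_run(INVENTORY, mode, [WORK]))
```

Running `dry_run` over an inventory from a reference device before disabling Test Mode lists the files that the rules would stop from starting.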

See also:

Scenario: Application Management

[Topic 184061]

Obtaining and viewing a list of applications installed on client devices

Kaspersky Security Center inventories all software installed on managed client devices running Windows.

Network Agent compiles a list of applications installed on a device and then transmits this list to Administration Server. Network Agent automatically receives information about installed applications from the Windows registry.

To save device resources, Network Agent by default starts receiving information about installed applications 10 minutes after the Network Agent service starts.

To view the list of applications installed on managed devices:

In the OPERATIONS → THIRD-PARTY APPLICATIONS drop-down list, select Applications registry.

The page displays the list of applications installed on managed devices.

For detailed information about Application Control, refer to Kaspersky Endpoint Security for Windows Online Help and to the Kaspersky Security for Virtualization Light Agent.

See also:

Scenario: Application Management

[Topic 184063]

Obtaining and viewing a list of executable files stored on client devices

You can obtain a list of executable files stored on managed devices. To inventory executable files, you must create an inventory task.

The feature of inventorying executable files is available for the following applications:

  • Kaspersky Endpoint Security for Windows
  • Kaspersky Endpoint Security for Linux
  • Kaspersky Security for Virtualization 4.0 Light Agent and later versions

You can reduce load on the database while obtaining information about the installed applications. To do this, we recommend that you run an inventory task on reference devices on which a standard set of software is installed.

To create an inventory task for executable files on client devices:

  1. In the main menu, go to DEVICES → TASKS.

    The list of tasks is displayed.

  2. Click the Add button.

    The Add Task Wizard starts. Follow the steps of the Wizard.

  3. On the New task page, in the Application drop-down list, select Kaspersky Endpoint Security for Windows or Kaspersky Endpoint Security for Linux, depending on the operating system type of the client devices.
  4. In the Task type drop-down list, select Inventory.
  5. On the Finish task creation page, click the Finish button.

After the Add Task Wizard has finished, the Inventory task is created and configured. If you want, you can change the settings for the created task. The newly created task is displayed in the list of tasks.

For a detailed description of the inventory task, refer to the following Helps:

After the Inventory task is performed, the list of executable files stored on managed devices is formed, and you can view the list.

During inventory, executable files in the following formats are detected: MZ, COM, PE, NE, SYS, CMD, BAT, PS1, JS, VBS, REG, MSI, CPL, DLL, JAR, and HTML.
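As an added example (not Kaspersky's code and not how the inventory task is implemented), the following Python sketch shows one way to spot-check files on a reference device: it identifies the header-based formats from the list above (MZ, NE, PE, DLL, MSI, JAR), falls back to the file extension for the script formats, and computes the SHA-256 and MD5 digests that the category hash options on this page rely on. The function names, the extension fallback and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import struct

# Formats from the list above that have no reliable header; this sketch
# recognises them by file extension only (an assumption of the example).
EXTENSION_FORMATS = {"COM", "CMD", "BAT", "PS1", "JS", "VBS", "REG", "HTML"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound file container used by MSI
ZIP_MAGIC = b"PK\x03\x04"                      # JAR archives are ZIP files
IMAGE_FILE_DLL = 0x2000                        # COFF Characteristics flag


def _extension(name):
    return name.rsplit(".", 1)[-1].upper() if "." in name else ""


def _classify_pe(ext, data, new_hdr):
    # Characteristics is the last 2 bytes of the 20-byte COFF header
    # that follows the 4-byte "PE\0\0" signature.
    offset = new_hdr + 4 + 18
    if len(data) >= offset + 2:
        (characteristics,) = struct.unpack_from("<H", data, offset)
        if characteristics & IMAGE_FILE_DLL:
            return "CPL" if ext == "CPL" else "DLL"
    return "SYS" if ext == "SYS" else "PE"


def classify(name, data):
    """Return a format name from the page's list, or None if not listed."""
    ext = _extension(name)
    if data[:2] == b"MZ":  # the header wins over whatever the extension says
        if len(data) >= 0x40:
            # e_lfanew at 0x3C points to the newer header (PE or NE), if any.
            (new_hdr,) = struct.unpack_from("<I", data, 0x3C)
            signature = data[new_hdr:new_hdr + 4]
            if signature == b"PE\x00\x00":
                return _classify_pe(ext, data, new_hdr)
            if signature[:2] == b"NE":
                return "NE"
        return "MZ"
    if data[:8] == OLE_MAGIC and ext == "MSI":
        return "MSI"
    if data[:4] == ZIP_MAGIC and ext == "JAR":
        return "JAR"
    return ext if ext in EXTENSION_FORMATS else None


def inventory_record(name, data, sha256=True, md5=False):
    """Build one inventory row; the defaults mirror the page (SHA-256 on, MD5 off)."""
    fmt = classify(name, data)
    if fmt is None:
        return None
    row = {"name": name, "format": fmt}
    if sha256:
        row["sha256"] = hashlib.sha256(data).hexdigest()
    if md5:
        row["md5"] = hashlib.md5(data).hexdigest()
    return row


def run_inventory(samples, sha256=True, md5=False):
    rows = (inventory_record(n, d, sha256, md5) for n, d in samples)
    return [r for r in rows if r is not None]


def make_pe(dll=False):
    """Constructed header bytes for the demo (not a loadable image)."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    flags = IMAGE_FILE_DLL if dll else 0x0002  # 0x0002 = executable image
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, flags)
    return dos + b"PE\x00\x00" + coff


# Constructed sample files: (name, content).
SAMPLES = [
    ("setup.exe", make_pe()),
    ("renamed.txt", make_pe(dll=True)),  # the DLL flag survives a rename
    ("logon.bat", b"abc"),
    ("notes.txt", b"plain text"),        # not an executable format: skipped
]

if __name__ == "__main__":
    # Both digests, as when devices run both earlier and later versions.
    for row in run_inventory(SAMPLES, md5=True):
        print(row)
```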

To view the list of executable files stored on client devices:

In the OPERATIONS → THIRD-PARTY APPLICATIONS drop-down list, select EXECUTABLE FILES.

The page displays the list of executable files stored on client devices.

To send the executable file of the managed device to Kaspersky:

  1. In the main menu, go to OPERATIONS → THIRD-PARTY APPLICATIONS → EXECUTABLE FILES.
  2. Click the link of the executable file that you want to send to Kaspersky.
  3. In the window that opens, go to the Devices section, and then select the checkbox of the managed device from which you want to send the executable file.

    Before you send the executable file, make sure that the managed device has a direct connection to the Administration Server, by selecting the Do not disconnect from the Administration Server checkbox.

  4. Click the Send to Kaspersky button.

The selected executable file is downloaded for further sending to Kaspersky.

See also:

Scenario: Application Management

[Topic 184064]

Creating application category with content added manually


You can specify a set of criteria as a template of executable files for which you want to allow or block a start in your organization. On the basis of executable files corresponding to the criteria, you can create an application category and use it in the Application Control component configuration.

To create an application category with content added manually:

  1. In the OPERATIONS → THIRD-PARTY APPLICATIONS drop-down list, select APPLICATION CATEGORIES.

    The page with a list of application categories is displayed.

  2. Click the Add button.

    The New Category Wizard starts. Follow the steps of the Wizard.

  3. On the Select category creation method page of the Wizard, select the Category with content added manually. Data of executable files is manually added to the category option.
  4. On the Conditions page of the Wizard, click the Add button to add a condition criterion for including files in the category that is being created.
  5. On the Condition criteria page, select a rule type for creating the category from the list:
    • From KL category

      If this option is selected, you can specify a Kaspersky application category as the condition of adding applications to the user category. The applications from the specified Kaspersky category will be added to the user application category.

    • Select certificate from repository

      If this option is selected, you can specify certificates from the storage. Executable files that have been signed in accordance with the specified certificates will be added to the user category.

    • Specify path to application (masks supported)

      If this option is selected, you can specify the path to the folder on the client device containing the executable files that are to be added to the user application category.

    • Removable drive

      If this option is selected, you can specify the type of the medium (any drive or removable drive) on which the application is run. Applications that have been run on the selected drive type are added to the user application category.

    • Hash, metadata, or certificate:
      • Select from list of executable files

        If this option is selected, you can use the list of executable files on the client device to select and add applications to the category.

      • Select from applications registry

        If this option is selected, the applications registry is displayed. You can select an application from the registry and specify the following file metadata:

        • File name.
        • File version. You can specify a precise value of the version or describe a condition, for example "greater than 5.0".
        • Application name.
        • Application version. You can specify a precise value of the version or describe a condition, for example "greater than 5.0".
        • Vendor.
      • Specify manually

        If this option is selected, you must specify a file hash, metadata, or a certificate as the condition of adding applications to the user category.

        File Hash

        Depending on the version of the security application installed on devices on your network, you must select an algorithm for hash value computing by Kaspersky Security Center for files in this category. Information about computed hash values is stored in the Administration Server database. Storage of hash values does not increase the database size significantly.

        SHA-256 is a cryptographic hash function: no vulnerabilities have been found in its algorithm, and so it is considered the most reliable cryptographic function nowadays. Kaspersky Endpoint Security 10 Service Pack 2 for Windows and later versions support SHA-256 computing. Computing of the MD5 hash function is supported by all versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows.

        Select either of the options of hash value computing by Kaspersky Security Center for files in the category:

        • If all instances of security applications installed on your network are Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions, select the SHA-256 check box. We do not recommend that you add any categories created according to the criterion of the SHA-256 hash of an executable file for versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows. This may result in failures in the security application operation. In this case, you can use the MD5 cryptographic hash function for files of the category.
        • If any versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows are installed on your network, select the MD5 hash. You cannot add a category that was created based on the criterion of the MD5 checksum of an executable file for Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions. In this case, you can use the SHA-256 cryptographic hash function for files of the category.
        • If different devices on your network use both earlier and later versions of Kaspersky Endpoint Security 10, select both the SHA-256 check box and the MD5 hash check box.

        Metadata

        If this option is selected, you can specify file metadata such as file name, file version, and vendor. The metadata will be sent to Administration Server. Executable files that contain the same metadata will be added to the application category.

        Certificate

        If this option is selected, you can specify certificates from the storage. Executable files that have been signed in accordance with the specified certificates will be added to the user category.

      • From file or from MSI package / archived folder

        If this option is selected, you can specify an MSI installer file as the condition of adding applications to the user category. The application installer metadata will be sent to Administration Server. The applications for which the installer metadata is the same as for the specified MSI installer are added to the user application category.

    The selected criterion is added to the list of conditions.

    You can add as many criteria as you need for the application category that is being created.

  6. On the Exclusions page of the Wizard, click the Add button to add an exclusion condition criterion to exclude files from the category that is being created.
  7. On the Condition criteria page, select a rule type from the list, in the same way that you selected a rule type for category creation.

When the Wizard finishes, the application category is created. It is displayed in the list of application categories. You can use the created application category when you configure Application Control.

For detailed information about Application Control, refer to Kaspersky Endpoint Security for Windows Online Help and to the Kaspersky Security for Virtualization Light Agent.

See also:

Scenario: Application Management

[Topic 184075]

Creating application category that includes executable files from selected devices


You can use executable files from selected devices as a template of executable files that you want to allow or block. Based on executable files from selected devices, you can create an application category and use it in the Application Control component configuration.

To create an application category that includes executable files from selected devices:

  1. In the OPERATIONS → THIRD-PARTY APPLICATIONS drop-down list, select APPLICATION CATEGORIES.

    The page with a list of application categories is displayed.

  2. Click the Add button.

    The New Category Wizard starts. Proceed through the Wizard by using the Next button.

  3. On the Select category creation method page of the Wizard, specify the category name and select the Category that includes executable files from selected devices. These executable files are processed automatically and their metrics are added to the category option.
  4. Click Add.
  5. In the window that opens, select a device or devices whose executable files will be used to create the application category.
  6. Specify the following settings:
    • Hash value computing algorithm

      Depending on the version of the security application installed on devices on your network, you must select an algorithm for hash value computing by Kaspersky Security Center for files in this category. Information about computed hash values is stored in the Administration Server database. Storage of hash values does not increase the database size significantly.

      SHA-256 is a cryptographic hash function: no vulnerabilities have been found in its algorithm, and so it is considered the most reliable cryptographic function nowadays. Kaspersky Endpoint Security 10 Service Pack 2 for Windows and later versions support SHA-256 computing. Computing of the MD5 hash function is supported by all versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows.

      Select either of the options of hash value computing by Kaspersky Security Center for files in the category:

      • If all instances of security applications installed on your network are Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions, select the SHA-256 check box. We do not recommend that you add any categories created according to the criterion of the SHA-256 hash of an executable file for versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows. This may result in failures in the security application operation. In this case, you can use the MD5 cryptographic hash function for files of the category.
      • If any versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows are installed on your network, select the MD5 hash. You cannot add a category that was created based on the criterion of the MD5 checksum of an executable file for Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions. In this case, you can use the SHA-256 cryptographic hash function for files of the category.

      If different devices on your network use both earlier and later versions of Kaspersky Endpoint Security 10, select both the SHA-256 check box and the MD5 hash check box.

      The Calculate SHA-256 for files in this category (supported by Kaspersky Endpoint Security 10 Service Pack 2 for Windows and any later versions) check box is selected by default.

      The Calculate MD5 for files in this category (supported by versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows) is cleared by default.

    • Synchronize data with Administration Server repository

      Select this option if you want Administration Server to periodically check for changes in the specified folder (or folders).

      By default, this option is disabled.

      If you enable this option, specify the period (in hours) for checking changes in the specified folder (folders). By default, the scan interval is 24 hours.

    • File type

      In this section, you can specify the file type that is used to create the application category.

      All files. All files are taken into consideration when creating the category. By default, this option is selected.

      Only files outside the application categories. Only files outside the application categories are taken into consideration when creating the category.

    • Folders

      In this section, you can specify which folders from the selected device (devices) contain files that are used to create the application category.

      All folders. All folders are taken into consideration for the category that is being created. By default, this option is selected.

      Specified folder. Only the specified folder is taken into consideration for the category that is being created. If you select this option, you must specify the path to the folder.

When the Wizard finishes, the application category is created. It is displayed in the list of application categories. You can use the created application category when you configure Application Control.

See also:

Scenario: Application Management

[Topic 184076]

Creating application category that includes executable files from selected folder


You can use executable files from a selected folder as a standard of executable files that you want to allow or block in your organization. On the basis of executable files from the selected folder, you can create an application category and use it in the Application Control component configuration.

To create an application category that includes executable files from the selected folder:

  1. In the OPERATIONS → THIRD-PARTY APPLICATIONS drop-down list, select APPLICATION CATEGORIES.

    The page with a list of application categories is displayed.

  2. Click the Add button.

    The New Category Wizard starts. Proceed through the Wizard by using the Next button.

  3. On the Select category creation method page of the Wizard, specify the category name and select the Category that includes executable files from a specific folder. Executable files of applications copied to the specified folder are automatically processed and their metrics are added to the category option.
  4. Specify the folder whose executable files will be used to create the application category.
  5. Define the following settings:
    • Include dynamic-link libraries (DLL) in this category

      The application category includes dynamic-link libraries (files in DLL format), and the Application Control component logs the actions of such libraries running in the system. Including DLL files in the category may lower the performance of Kaspersky Security Center.

      By default, this check box is cleared.

    • Include script data in this category

      The application category includes data on scripts, and scripts are not blocked by Web Threat Protection. Including the script data in the category may lower the performance of Kaspersky Security Center.

      By default, this check box is cleared.

    • Hash value computing algorithm: Calculate SHA-256 for files in this category (supported by Kaspersky Endpoint Security 10 Service Pack 2 for Windows and later versions) / Calculate MD5 for files in this category (supported by versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows)

      Depending on the version of the security application installed on devices on your network, you must select an algorithm for hash value computing by Kaspersky Security Center for files in this category. Information about computed hash values is stored in the Administration Server database. Storage of hash values does not increase the database size significantly.

      SHA-256 is a cryptographic hash function: no vulnerabilities have been found in its algorithm, and so it is considered the most reliable cryptographic function nowadays. Kaspersky Endpoint Security 10 Service Pack 2 for Windows and later versions support SHA-256 computing. Computing of the MD5 hash function is supported by all versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows.

      Select either of the options of hash value computing by Kaspersky Security Center for files in the category:

      • If all instances of security applications installed on your network are Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions, select the SHA-256 check box. We do not recommend that you add any categories created according to the criterion of the SHA-256 hash of an executable file for versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows. This may result in failures in the security application operation. In this case, you can use the MD5 cryptographic hash function for files of the category.
      • If any versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows are installed on your network, select the MD5 hash. You cannot add a category that was created based on the criterion of the MD5 checksum of an executable file for Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions. In this case, you can use the SHA-256 cryptographic hash function for files of the category.

      If different devices on your network use both earlier and later versions of Kaspersky Endpoint Security 10, select both the SHA-256 check box and the MD5 hash check box.

      The Calculate SHA-256 for files in this category (supported by Kaspersky Endpoint Security 10 Service Pack 2 for Windows and any later versions) check box is selected by default.

      The Calculate MD5 for files in this category (supported by versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows) is cleared by default.

    • Force folder scan for changes

      If this option is enabled, the application regularly checks the folder of category content addition for changes. You can specify the frequency of checks (in hours) in the entry field next to the check box. By default, the time interval between forced checks is 24 hours.

      If this option is disabled, the application does not force any checks of the folder. The Server attempts to access files if they have been modified, added, or deleted.

      By default, this option is disabled.

When the Wizard finishes, the application category is created. It is displayed in the list of application categories. You can use the created application category when you configure Application Control.

For detailed information about Application Control, refer to Kaspersky Endpoint Security for Windows Online Help and to the Kaspersky Security for Virtualization Light Agent.

See also:

Scenario: Application Management

[Topic 184077]

Viewing the list of application categories

You can view the list of configured application categories and the settings of each application category.

To view the list of application categories,

On the OPERATIONS tab, in the THIRD-PARTY APPLICATIONS drop-down list, select APPLICATION CATEGORIES.

The page with a list of application categories is displayed.

To view properties of an application category,

Click the name of the application category.

The properties window of the application category is displayed. The properties are grouped on several tabs.

See also:

Scenario: Application Management

[Topic 191028]

Configuring Application Control in the Kaspersky Endpoint Security for Windows policy

After you create Application Control categories, you can use them for configuring Application Control in Kaspersky Endpoint Security for Windows policies.

To configure Application Control in Kaspersky Endpoint Security for Windows policy:

  1. In the main menu, go to DEVICES → POLICIES & PROFILES.

    A page with a list of policies is displayed.

  2. Click the Kaspersky Endpoint Security for Windows policy.

    The policy settings window opens.

  3. Select the Application settings tab, Security Controls section, Application Control subsection.

    The Application Control window with Application Control settings is displayed.

  4. Switch the toggle button to enable the Application Control option.
  5. If you want to test Application Control rules, switch the toggle button to enable the Test Mode option.

    If you want to apply Application Control rules, switch the toggle button to disable the Test Mode option.

  6. Enable the Control DLL and drivers option if you want Kaspersky Endpoint Security for Windows to monitor the loading of DLL modules when applications are started by users.

    Information about the module and the application that loaded the module will be saved to a report.

    Kaspersky Endpoint Security for Windows monitors only the DLL modules and drivers loaded after the Control DLL and drivers option is selected. Restart the computer after selecting the Control DLL and drivers option if you want Kaspersky Endpoint Security for Windows to monitor all DLL modules and drivers, including those loaded before Kaspersky Endpoint Security for Windows is started.

  7. (Optional) In the Message templates block, change the template of the message that is displayed when an application is blocked from starting and the template of the email message that is sent to you.
  8. In the Application Control Mode block settings, select Denylist or Allowlist mode.

    By default, Denylist mode is selected.

  9. Click the Rules Lists Settings link.

    The Denylists and allowlists window opens to let you add an application category. By default, the Denylist tab is selected if the Denylist mode is selected, and the Allowlist tab is selected if the Allowlist mode is selected.

  10. In the Denylists and allowlists window, click the Add button.

    The Application Control rule window opens.

  11. Click the Category is not defined link.

    The Application Category window opens.

  12. Add the application category (or categories) that you created earlier.

    You can edit the settings of a created category by clicking the Edit button.

    You can create a new category by clicking the Add button.

    You can delete a category from the list by clicking the Delete button.

  13. After the list of application categories is complete, click the OK button.

    The Application Category window closes.

  14. In the Application Control rule window, in the Subjects and their rights section, create the list of users and groups of users to which the Application Control rule applies.
  15. Click the OK button to save the settings and to close the Application Control rule window.
  16. Click the OK button to save the settings and to close the Denylists and allowlists window.
  17. Click the OK button to save the settings and to close the Application Control window.
  18. Close the window with the Kaspersky Endpoint Security for Windows policy settings.

Application Control is configured. After the policy is propagated to the client devices, the startup of executable files is managed.

For detailed information about Application Control, refer to Kaspersky Endpoint Security for Windows Online Help and to the Kaspersky Security for Virtualization Light Agent.

See also:

Scenario: Application Management

[Topic 184079]

Adding event-related executable files to the application category

After you configure Application Control in the Kaspersky Endpoint Security for Windows policies, the following events will be displayed in the list of events:

  • Application startup prohibited (Critical event). This event is displayed if you have configured Application Control to apply rules.
  • Application startup prohibited in test mode (Info event). This event is displayed if you have configured Application Control to test rules.
  • Application startup blockage message to administrator (Warning event). This event is displayed if you have configured Application Control to apply rules and a user has requested access to the application that is blocked at startup.

It is recommended to create event selections to view events related to Application Control operation.

You can add executable files related to Application Control events to an existing application category or to a new application category. You can add executable files only to an application category with content added manually.

To add executable files related to Application Control events to an application category:

  1. In the main menu, go to MONITORING & REPORTING → EVENT SELECTIONS.

    The list of event selections is displayed.

  2. Select the event selection to view events related to Application Control and start this event selection.

    If you have not created an event selection related to Application Control, you can select and start a predefined selection, for example, Recent events.

    The list of events is displayed.

  3. Select the events whose associated executable files you want to add to the application category, and then click the Assign to category button.

    The New Category Wizard starts. Proceed through the Wizard by using the Next button.

  4. On the Wizard page, specify the relevant settings:
    • In the Action on executable file related to the event section, select one of the following options:
      • Add to a new application category

        Select this option if you want to create a new application category based on event-related executable files.

        By default, this option is selected.

        If you have selected this option, specify a new category name.

      • Add to an existing application category

        Select this option if you want to add event-related executable files to an existing application category.

        By default, this option is not selected.

        If you have selected this option, select the application category with content added manually to which you want to add executable files.

    • In the Rule type section, select one of the following options:
      • Rules for adding to inclusions
      • Rules for adding to exclusions
    • In the Parameter used as a condition section, select one of the following options:
      • Certificate details (or SHA-256 hashes for files without a certificate)

        Files may be signed with a certificate. Multiple files may be signed with the same certificate. For example, different versions of the same application may be signed with the same certificate, or several different applications from the same vendor may be signed with the same certificate. When you select a certificate, several versions of an application or several applications from the same vendor may end up in the category.

        Each file has its own unique SHA-256 hash. When you select an SHA-256 hash, only one corresponding file, for example, a specific application version, ends up in the category.

        Select this option if you want to add to the category rules the certificate details of an executable file (or the SHA-256 hash for files without a certificate).

        By default, this option is selected.

      • Certificate details (files without a certificate will be skipped)

        Files may be signed with a certificate. Multiple files may be signed with the same certificate. For example, different versions of the same application may be signed with the same certificate, or several different applications from the same vendor may be signed with the same certificate. When you select a certificate, several versions of an application or several applications from the same vendor may end up in the category.

        Select this option if you want to add the certificate details of an executable file to the category rules. If the executable file has no certificate, this file will be skipped. No information about this file will be added to the category.

      • Only SHA-256 (files without a hash will be skipped)

        Each file has its own unique SHA-256 hash. When you select an SHA-256 hash, only one corresponding file, for example, a specific application version, ends up in the category.

        Select this option if you want to add only the details of the SHA-256 hash of the executable file.

      • Only MD5 (discontinued mode, only for Kaspersky Endpoint Security 10 Service Pack 1 version)

        Each file has its own unique MD5 hash. When you select an MD5 hash, only one corresponding file, for example, a specific application version, ends up in the category.

        Select this option if you want to add only the details of the MD5 hash of the executable file. Computation of the MD5 hash is supported by Kaspersky Endpoint Security 10 Service Pack 1 for Windows and all earlier versions.

  5. Click OK.

When the Wizard finishes, executable files related to the Application Control events are added to the existing application category or to a new application category. You can view settings of the application category that you have modified or created.
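
Added example (not part of the Kaspersky documentation and not a description of how Kaspersky Security Center is implemented): a small Python model of the certificate and SHA-256 options in the Parameter used as a condition section, showing which files of a constructed inventory end up in the category for each option. File names, file contents and the thumbprint string are constructed, a certificate is modeled as a single thumbprint string, and the option names are hypothetical labels for the Wizard choices.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ExeFile:
    name: str
    content: bytes                   # constructed stand-in for the file's bytes
    cert_thumbprint: Optional[str]   # None means the file is unsigned

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()

def build_conditions(event_files, option):
    """Conditions the chosen option yields for the event-related files."""
    conditions = set()
    for f in event_files:
        if option in ("cert_or_sha256", "cert_only") and f.cert_thumbprint:
            conditions.add(("cert", f.cert_thumbprint))
        elif option in ("cert_or_sha256", "sha256_only"):
            conditions.add(("sha256", f.sha256))
        elif option != "cert_only":
            raise ValueError(f"unknown option: {option}")
        # cert_only with an unsigned file: the file is skipped, nothing is added
    return conditions

def category_members(conditions, inventory):
    """Names of inventory files that match at least one condition."""
    return sorted(f.name for f in inventory
                  if ("cert", f.cert_thumbprint) in conditions
                  or ("sha256", f.sha256) in conditions)

# Constructed inventory: three files signed by one vendor, two unsigned files.
VENDOR_A = "CONSTRUCTED-THUMBPRINT-A"
INVENTORY = [
    ExeFile("editor-1.0.exe", b"editor build 1.0", VENDOR_A),
    ExeFile("editor-1.1.exe", b"editor build 1.1", VENDOR_A),
    ExeFile("updater.exe", b"vendor A updater", VENDOR_A),
    ExeFile("tool.exe", b"in-house tool", None),
    ExeFile("tool-patched.exe", b"in-house tool, modified", None),
]
EVENT_FILES = [INVENTORY[0], INVENTORY[3]]   # files behind the selected events

def compare(event_files=EVENT_FILES, inventory=INVENTORY):
    """Category contents per option for the same set of event-related files."""
    return {opt: category_members(build_conditions(event_files, opt), inventory)
            for opt in ("cert_or_sha256", "cert_only", "sha256_only")}

if __name__ == "__main__":
    for option, members in compare().items():
        print(f"{option:15} -> {members}")
```

With the certificate conditions, `editor-1.1.exe` and `updater.exe` join the category although no selected event referenced them; with SHA-256 only, the category holds exactly the two event-related files.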

For detailed information about Application Control, refer to Kaspersky Endpoint Security for Windows Online Help and to the Kaspersky Security for Virtualization Light Agent.

See also:

Scenario: Application Management

[Topic 186329]