Contents
Application Сontrol
During execution of the Application Control task, Kaspersky Embedded Systems Security controls the launching of applications on user devices. This helps reduce the risk of device infection by restricting access to applications. Application launching is regulated by Application Control rules.
Application Control can operate in two modes:
- Denylist. In this mode Kaspersky Embedded Systems Security allows all users to launch any applications that are not specified in the Application Control rules. This is the default operation mode of the Application Control component.
- Allowlist. In this mode Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules.
For each Application Control operation mode, separate rules can be created and an action can be specified: apply rules or test rules. Kaspersky Embedded Systems Security performs this action when it detects an attempt to start an application.
The Application Control settings are described in the following table.
Application Control settings
Setting |
Description |
|---|---|
Application Control enabled / disabled |
This toggle button enables or disables Application Control. The toggle button is switched off by default. |
Application Control action |
The action that Kaspersky Embedded Systems Security performs upon detecting an attempt to start an application that matches the configured rules:
|
Application Control mode |
Application Control task operation mode:
|
Application Control rules |
Clicking the Configure rules link opens the Application Control rules window. |
Application Control rules window
The Application Control rules table has the tabs with the rules for each operation mode: Denylist (active) and Allowlist. Both tabs of the Application Control rules table are empty by default.
Application Control rules settings
Setting |
Description |
|---|---|
Category |
The name of the application category that is used by the rule. |
Status |
Operation status of the Application Control rule:
|
Application Control rule window
In this window, you can configure the settings for the Application Control rule.
Configuring an Application Control rule
Setting |
Description |
|---|---|
Rule description |
Description of the Application Control rule. |
Status |
You can select the operation status of the Application Control rule:
|
Category |
Clicking the Configure category link opens the Application Control categories window. |
Access control list |
The table contains a list of users or user groups to which the Application Control rule applies, and the types of access assigned to them, and consists of the following columns:
|
Application Control categories window
In this window, you can add a new category or configure the category settings for an Application Control rule.
Kaspersky Embedded Systems Security does not support use of the KL categories of Kaspersky Security Center.
Application Control categories
Setting |
Description |
|---|---|
Category name |
List to search for the added Application Control categories. |
Add |
Clicking the button starts the category creation wizard. Follow the instructions of the Wizard. |
Edit |
Clicking this button opens the category properties window, where you can change the category settings. |
Select user or group window
In this window, you can specify a local or domain user or user group for which you want to configure a rule.
Configuring an Application Control rule
Setting |
Description |
|---|---|
Manually |
If this option is selected, in the field below enter the name of the local or domain user or the name of a user group, to which the Application Control rule will apply. |
List of groups or users |
If this option is selected, in the search field you can enter search criteria for the name of the user or name of the user group, to which the Application Control rule will apply, or you can select the name of the user group in the list below. |