The
Application control component logs the actions performed by applications in the system, and manages the applications' activities, based on which group they belong to. A set of rules is defined for each group of applications. These rules manage applications' access to various resources. Based on the system security factor, all applications can be divided into four pre-set groups of applications:
- Trusted. Applications with a digital signature by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. Those applications' activity is monitored by Proactive Defense and File Anti-Virus.
- Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received low value of the threat rating. They are allowed to perform some operations, such as access to other processes, system control, hidden network access. The user's permission is required for most operations.
- High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high value of the threat rating. The applications of this group require the user's permission for most actions which affect the system: some actions are not allowed for such applications.
- Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high value of the threat rating. Application Control blocks any actions performed by such applications.
13-129194.gif)
The applications classed by
Application Control in a certain group are assigned the corresponding status, and inherit the rights of access to the resources from the group rule. In accordance with the pre-defined rules Application control allows, prompts the user or blocks the application. These rules manage applications' access to various resources. Two categories of resources –
Operating system and
Identity data – are defined in
Kaspersky Internet Security 2011.
13-129195.gif)
The Operating system category includes the following resources:
- registry keys with autorun parameters;
- registry keys with parameters of work on the Internet;
- registry keys which influence system security;
- system files and folders;
- autorun folders.
The
Identity data category includes the following resources:
- user’s files (the folder My Documents, files cookies, data about user’s activity);
- files, folders and registry keys which contain working parameters and important data of the most frequently used applications: Internet-browser, file managers, mail clients, Internet-pagers and electronic purses.
