During execution of the Application Control task, Kaspersky Endpoint Security controls the launching of applications on user devices. This helps reduce the risk of device infection by restricting access to applications. Application launching is regulated by Application Control rules.
To use the task, a license that includes the corresponding function is required.
The Application Control task can operate in two modes:
Thus, if the Application Control rules are created to the fullest extent possible, Kaspersky Endpoint Security prohibits the launching of all new applications that are not verified by the administrator of the organization's local network, but ensures the performance of the operating system and verified applications that users need to perform their job duties.
The Kaspersky Security Center administrator or a local user with the admin role assigned in the application can use the Application Control task to prohibit or allow processes to run under the root account.
For each mode of the Application Control task, you can create separate rules and select an action that Kaspersky Endpoint Security will perform when it detects an attempt to start an application on a user's device.
If you change the list of allowed applications or prohibit the launch of all applications or applications affecting Kaspersky Endpoint Security's operation, then when modifying the task settings using the configuration file or using the command line, run the --set-settings
command with the --accept
flag.
Application Control does not control the launch of Snap, Flatpak, or AppImage applications.
Kaspersky Endpoint Security supports the following interpreters: python, perl, bash, ssh.
The Application Control task does not control the launching of scripts from interpreters that are not supported by Kaspersky Endpoint Security, or the launching of scripts that are not passed to the interpreter via the command line. If the interpreter is allowed to launch by the Application Control rules, Kaspersky Endpoint Security does not block the script launched from this interpreter. If the launch of at least one script specified in the interpreter command line is prohibited by the Application Control rules, Kaspersky Endpoint Security blocks all the scripts specified in the interpreter command line. Exclusion: cat script.py | python.