The table describes all available values and the default values of all the settings that you can specify for the Application Control task.
|
|
|
Setting
|
Description
|
Values
|
AppControlMode
|
Application Control task operation mode.
|
AllowList – Kaspersky Endpoint Security prevents users from launching any applications that are not specified in the Application Control rules.
DenyList (default value) – Kaspersky Endpoint Security allows users to launch any applications that are not specified in the Application Control rules.
|
AppControlRulesAction
|
The action that Kaspersky Endpoint Security performs upon detecting an attempt to start an application that matches the configured rules.
|
ApplyRules (default value) – Kaspersky Endpoint Security applies Application Control rules and performs the action specified in the rules.
TestRules – Kaspersky Endpoint Security tests the rules and generates an event about the detection of an application that satisfies the rule.
|
The [Categories.item_#] section contains the following settings:
|
Name
|
Name of the application category to which the rule applies.
|
|
UseIncludes
|
Usage of inclusive conditions to trigger the rule.
|
Yes – apply the rule to the application if the application meets at least one inclusive condition.
No (default value) – do not apply the rule to the application, even if the application meets the inclusive conditions.
|
IncludeFileNames.item_#
|
Name of the executable file that triggers the rule.
|
You can use masks to specify the file name.
You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask.
You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, /dir/*/file*/ or /dir/file*/ .
You can put a single ? character to represent any one character (including / ) in the file or directory name.
|
IncludeFolders.item_#
|
Name of the directory with the application's executable file that triggers the rule.
|
You can use masks to specify the directory name.
You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask.
You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, /dir/*/file*/ or /dir/file*/ .
You can put a single ? character to represent any one character (including / ) in the file or directory name.
|
IncludeHashes.item_#
|
SHA256 hash of the executable file that triggers the rule.
|
Only SHA256 is allowed.
|
UseExcludes
|
Usage of excluding conditions to trigger the rule.
|
Yes – do not apply the rule to the application if the application meets at least one exclusive condition or does not meet any of the inclusive conditions.
No (default value) – apply the rule to the application, even if the application meets at least one exclusive condition.
|
ExcludeFileNames.item_#
|
Name of the executable file that triggers the rule.
|
You can use masks to specify the file name.
You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask.
You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, /dir/*/file*/ or /dir/file*/ .
You can put a single ? character to represent any one character (including / ) in the file or directory name.
|
ExcludeFolders.item_#
|
Name of the directory with the application's executable file that triggers the rule.
|
You can use masks to specify the directory name.
You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask.
You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, /dir/*/file*/ or /dir/file*/ .
You can put a single ? character to represent any one character (including / ) in the file or directory name.
|
ExcludeHashes.item_#
|
SHA256 hash of the executable file that triggers the rule.
|
Only SHA256 is allowed.
|
The [AllowListRules.item_#] section contains a list of Application Control rules for the AllowList operation mode.
Each [AllowListRules.item_#] section contains the following settings:
|
Description
|
Description of the Application Control rule.
|
|
AppControlRuleStatus
|
Operation status of the Application Control rule:
|
On (default value): the rule is enabled, Kaspersky Endpoint Security applies this rule for the Application Control.
Off : the rule is not used for the Application Control.
Test – Kaspersky Endpoint Security allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.
|
Category
|
Name of the application category for which the rule applies.
You can specify the "Golden Image" category.
|
|
The [AllowListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.
|
Access
|
Access type assigned to a user or user group.
|
Allow (default value) — Allow running applications.
Block – Deny running applications.
|
Principal
|
User or user group to which the Application Control rule applies.
|
\Everyone (default value): the rule applies to all users.
< user name > : name of the user to whom the rule applies.
@< group name > : name of the group of users to whom the rule applies.
|
The [DenyListRules.item_#] section contains a list of Application Control rules for the DenyList operation mode.
Each [DenyListRules.item_#] section contains the following settings:
|
Description
|
Description of the Application Control rule.
|
|
AppControlRuleStatus
|
Operation status of the Application Control rule:
|
On (default value): the rule is enabled, Kaspersky Endpoint Security applies this rule for the Application Control.
Off : the rule is not used for the Application Control.
Test – Kaspersky Endpoint Security allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.
|
Category
|
Name of the created application category to which the rule applies.
You can specify the "Golden Image" list of applications as a category.
|
|
The [DenyListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.
|
Access
|
Access type assigned to a user or user group.
|
Allow – allow applications to start.
Block (default value) – do not allow applications to start.
|
Principal
|
User or user group to which the Application Control rule applies.
|
\Everyone (default value): the rule applies to all users.
< user name > : name of the user to whom the rule applies.
@< group name > : name of the group of users to whom the rule applies.
|