Application Control task settings

The table describes all available values and the default values of all the settings that you can specify for the Application Control task.

Application Control task settings

Setting

Description

Values

AppControlMode

Application Control task operation mode.

AllowList – Kaspersky Endpoint Security prevents users from launching any applications that are not specified in the Application Control rules.

DenyList (default value) – Kaspersky Endpoint Security allows users to launch any applications that are not specified in the Application Control rules.

AppControlRulesAction

The action that Kaspersky Endpoint Security performs upon detecting an attempt to start an application that matches the configured rules.

ApplyRules (default value) – Kaspersky Endpoint Security applies Application Control rules and performs the action specified in the rules.

TestRules – Kaspersky Endpoint Security tests the rules and generates an event about the detection of an application that satisfies the rule.

The [Categories.item_#] section contains the following settings:

Name

Name of the application category to which the rule applies.

 

UseIncludes

Usage of inclusive conditions to trigger the rule.

Yes – apply the rule to the application if the application meets at least one inclusive condition.

No (default value) – do not apply the rule to the application, even if the application meets the inclusive conditions.

IncludeFileNames.item_#

Name of the executable file that triggers the rule.

You can use masks to specify the file name.

IncludeFolders.item_#

Name of the directory with the application's executable file that triggers the rule.

You can use masks to specify the directory name.

IncludeHashes.item_#

SHA256 hash of the executable file that triggers the rule.

Only SHA256 is allowed.

UseExcludes

Usage of excluding conditions to trigger the rule.

Yes – do not apply the rule to the application if the application meets at least one exclusive condition or does not meet any of the inclusive conditions.

No (default value) – apply the rule to the application, even if the application meets at least one exclusive condition.

ExcludeFileNames.item_#

Name of the executable file that triggers the rule.

You can use masks to specify the file name.

ExcludeFolders.item_#

Name of the directory with the application's executable file that triggers the rule.

You can use masks to specify the directory name.

ExcludeHashes.item_#

SHA256 hash of the executable file that triggers the rule.

Only SHA256 is allowed.

The [AllowListRules.item_#] section contains a list of Application Control rules for the AllowList operation mode.

Each [AllowListRules.item_#] section contains the following settings:

Description

Description of the Application Control rule.

 

AppControlRuleStatus

Operation status of the Application Control rule:

On (default value): the rule is enabled, Kaspersky Endpoint Security applies this rule for the Application Control.

Off: the rule is not used for the Application Control.

Test – Kaspersky Endpoint Security allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.

Category

Name of the application category for which the rule applies.

You can specify the "Golden Image" category.

 

The [AllowListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.

Access

Access type assigned to a user or user group.

Allow (default value) — Allow running applications.

Block – Deny running applications.

Principal

User or user group to which the Application Control rule applies.

\Everyone (default value): the rule applies to all users.

<user name>: name of the user to whom the rule applies.

@<group name>: name of the group of users to whom the rule applies.

The [DenyListRules.item_#] section contains a list of Application Control rules for the DenyList operation mode.

Each [DenyListRules.item_#] section contains the following settings:

Description

Description of the Application Control rule.

 

AppControlRuleStatus

Operation status of the Application Control rule:

On (default value): the rule is enabled, Kaspersky Endpoint Security applies this rule for the Application Control.

Off: the rule is not used for the Application Control.

Test – Kaspersky Endpoint Security allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.

Category

Name of the created application category to which the rule applies.

You can specify the "Golden Image" list of applications as a category.

 

The [DenyListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.

Access

Access type assigned to a user or user group.

Allow – allow applications to start.

Block (default value) – do not allow applications to start.

Principal

User or user group to which the Application Control rule applies.

\Everyone (default value): the rule applies to all users.

<user name>: name of the user to whom the rule applies.

@<group name>: name of the group of users to whom the rule applies.

Page top