Configuring app control

You can define these policy settings only for Android devices.

App Control checks that the apps installed on a mobile device are compliant with corporate security requirements. In Kaspersky Security Center, the administrator creates lists of allowed, blocked, mandatory, and recommended apps according to the corporate security requirements. As a result of App Control, Kaspersky Endpoint Security prompts the user to install mandatory and recommended apps, and to remove blocked apps. It is impossible to start blocked apps on the user's mobile device.

In Kaspersky Security Center Web Console and Cloud Console, you can manage apps on users' devices by applying pre-defined rules. You can configure two types of App Control rules: application rules and category rules.

An App rule is applied to a specific app, while a Category rule is applied to any app that belongs to a pre-defined category. App categories are specified by Kaspersky experts.

To configure App Control:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the table under the App Control section, add rules that will define what apps will be controlled.
    • To add a rule for a specific app:
      1. In the table, click App rule.
      2. In the App rule window that opens, choose the action that will be performed with the apps covered by the created rule.
      3. Specify the app that will be subject to the rule by filling in Link to installation package (for example, https://play.google.com/store/apps/details?id=com.kaspersky.kes), Package name (for example, katana.facebook.com), and App name.
      4. Click Save.

      The rule is added to the list of App Control rules.

    • To add a rule for a category of apps:
      1. In the table under the App Control section, click Category rule.
      2. In the Category rule window that opens, select the app category from the drop-down list.

        Apps within the selected category will be subject to the created rule.

      3. In the Operation mode section, select the action that will be performed when any apps within the selected category attempt to start up: Forbidden apps or Allowed apps.
      4. Fill in the Additional comment shown on the user's device when an app of a specified category is detected, if necessary.
      5. Click Save.

      The rule is added to the list of App Control rules.

  4. In the Actions with forbidden apps section, choose what action is performed for forbidden applications:
    • If you want Kaspersky Endpoint Security for Android to block the startup of forbidden applications on the user's mobile device, select Block apps from launching.
    • If you want Kaspersky Endpoint Security for Android to send data on forbidden apps to the event log without blocking them, select Do not block forbidden apps, report only.
  5. In the Operation mode section, choose whether the rules you add will define allowed apps or forbidden apps:
    • If you want the rules to define which apps are allowed, select Forbidden apps.

      If you want Kaspersky Endpoint Security for Android to block the startup of system apps on the user's mobile device (such as Calendar, Camera, and Settings) in the Forbidden apps mode, select the Block system apps check box.

      Kaspersky experts recommend against blocking system apps because this could lead to failures in device operation.

    • If you want the rules to define which apps are forbidden, select Allowed apps.
  6. To receive information about all apps installed on mobile devices, in the Application report section, select the Send a list of installed apps on all mobile devices check box.

    Kaspersky Endpoint Security for Android sends data to the event log each time an app is installed or removed from the device.

  7. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

Page top