Adding certificate monitoring rules

To add certificate monitoring rules via the Application Console:

In the Application Console tree, open the context menu of the Kaspersky Embedded Systems Security for Windows node.
Select the Configure Trusted Zone settings menu option.
The Trusted Zone window opens.
Select the Certificate monitoring tab.
Add a certificate monitoring rule in one of the following ways:
- Manually
  1. Click the Add button.
    The Certificate monitoring rule settings window opens.
  2. Set a rule-triggering criterion:
    - Certificate subject mask. The application applies the rule to certificates whose title (the value in the Subject field) matches the mask entered in the Certificate subject mask field.
      You can use the ? and * wildcards for any number of masked characters. Value verification is case-insensitive.
    - Certificate thumbprint. The application applies the rule for the certificate whose thumbprint matches the one specified in the Certificate thumbprint field.
      Certificate thumbprint verification is case-insensitive.
  3. If necessary, disable Allow programs to run with an untrusted certificate.
    If this option is enabled, the application allows applications signed with untrusted certificates that satisfy the rule's triggering criterion. In the context of the certificate monitoring task, an untrusted certificate is one whose validity period is found to be expired or could not be identified.
    
    If the option is disabled, applications signed with an untrusted certificates that match the rule-triggering criterion are blocked.
    
    This feature is enabled by default.
  4. If necessary, disable the Publish event about certificate expiration option.
    If this option is enabled, the application publishes an event in the system audit log when a certificate matching the rule's criterion expires.
    
    The application publishes a certificate expiration event once before the application or protected device is restarted. The application does not publish an event when the software signed with an expired certificate is started again, if the application or the protected device have not been restarted.
    
    This feature is enabled by default.
  5. Click the OK button.
- By importing an XML file with pre-configured certificate monitoring rules
  1. Click the Import button.
  2. In the standard Windows system window that opens, specify the path to the XML file.
  3. Click the Open button.
The new certificate monitoring rule is displayed in the list on the Certificate monitoring tab.
In the Trusted Zone window, click Apply.

Page top