• Add policy rules to the local rules. The application applies the rule list specified in a policy together with local rule lists.
• Replace local rules with policy rules. The application applies the rule list specified in the policy for application launch control on a group of protected devices. Local rule lists cannot be created, edited, or applied.

If this functionality is enabled, the application does not allow editing Applications Launch Control rules locally in the Application Console. This option is disabled by default.

If this functionality is enabled, the application does not allow editing Applications Launch Control rules locally in the Application Console. This option is disabled by default.

• Manually.
  1. Click Add.

     The Applications Launch Control window opens.

  2. In the Name field, enter the name of the rule.
  3. If necessary, in the Description field, enter a description of the rule.
  4. In the Type drop-down list, select the rule type:
     • Allowing if you want the rule to allow running applications described by the rule.
     • Denying if you want the rule to block the launch of applications described by the rule.
  5. In the Scope drop-down list, select the type of files whose execution will be controlled by the rule:
     • Executable files, if you want the rule to control launch of executable files.
     • Scripts and MSI packages, if you want the rule to control launch of scripts and MSI packages. Files with the following extensions are supported: .js, .vbs, .cmd, .bat, .py, .ps1, .pl, .msi, .msp, .mst, .com, .vbe, .jse, .psd1, .psm1, .pyd, .pyc, .pm, .hta, .chm, .wsf, .wsc, .wsh, .sct.
  6. Select the Trusted Updaters check box if you want Kaspersky Embedded Systems Security to consider applications matching the rule trigger conditions as trusted updaters. Trusted Updaters are applications that are allowed to create other executable files that will be allowed to run subsequently.

     If an application triggers multiple rules, Kaspersky Embedded Systems Security sets the Trusted Updaters flag if the following conditions are satisfied:

     • All rules allow the application to run.
     • At least one rule has the Trusted Updaters check box selected.
  7. Add trigger conditions for the Applications Launch Control rule.
  8. Add exclusions from trigger conditions for the Applications Launch Control rule.
  9. Add users and/or groups of users that are allowed or forbidden to launch applications that satisfy the rule.
     1. Select the User or group tab.
     2. In the context menu of the Add button, select the method for adding users or groups.
     3. This opens a window; in that window, enter or select the name of a user or group of users.
     4. Click OK.
     5. Complete steps b through d for every user or group of users.
  10. Click OK.
• By importing an XML file containing Applications Launch Control rules.
  1. In the context menu of the button, select the Import → From XML file item.
  2. Choose how to add Device Control rules from an XML file to those available in the policy:
     • Replace existing rules, if you want to replace the existing rules with the imported rules.
     • Add to existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are duplicated.
     • Merge with existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are not duplicated. If at least one rule setting is unique, the rule is added.
  3. In the window that opens, specify the path to the XML file that was created after the completion of local task or group task for Rule Generator for Applications Launch Control.
  4. Click Open.
• Based on Kaspersky Security Center events using a request.
  1. In the context menu of the button, select the Import → Create allowing rules based on Kaspersky Security Center events (request) item.
  2. Select the principle for adding the rules to the list of previously created Application Launch Control rules:
     • Add to existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are duplicated.
     • Replace existing rules, if you want to replace the existing rules with the imported rules.
     • Merge with existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are not added; the rule is added if at least one rule parameter is unique.

     The Applications launch control rules generation window opens.

  3. Select the event types based on which the application will create Applications Launch Control rules:
     • Application launch denied.
     • Statistics only mode: application launch denied.
  4. Select a period from the Request events that were generated within the period drop-down list.
  5. Clear or select the Prioritize the use of hash when generating rules check box.

     If the check box is selected, Kaspersky Embedded Systems Security uses the checksum of the file to generate the rule when both the checksum and the certificate of the file are available.

     If the check box is cleared, Kaspersky Embedded Systems Security uses the digital certificate of the file to generate the rule when both the checksum and the certificate of the file are available.

  6. Click Generate rules.
  7. Click OK.
• By importing a TXT file with a selection of Kaspersky Security Center blocked application events.
  1. In the Kaspersky Security Center Administration Console tree, expand the Managed devices node.
  2. Select the administration group for which you want to configure the task.
  3. Select the Policies tab.
  4. Double-click the policy name you want to configure.
  5. In the policy properties window, go to the Logs and notifications section.
  6. In the Task logs block, click the Settings button.

     The Notifications window opens.

  7. Expand the Local activity control node.
  8. Select the Applications Launch Control section.
  9. In the list of Applications Launch Control events, in the Send events to Kaspersky Security Center column, select check boxes next to Application startup prohibited and Application startup prohibited in test mode.
  10. Save your changes.
  11. In the Event configuration section of the policy, make sure that the event storage duration specified in the Store in the Administration Server database for (days) field is greater than the period for which you plan to gather information about prevented application launches (the default is 30 days).

      Once the Applications Launch Control task log retention period expires, logged events will be deleted and will not appear in the report.

  12. Activate the policy configured to collect data about denied application launches.
  13. If required, modify the Applications Launch Control mode.
  14. When the period for gathering information about prevented application launches expires, make a selection from Application startup prohibited and Application startup prohibited in test mode events and export it to a TXT file. For details, refer to the "Event selections" section in the Kaspersky Security Center Help.
  15. Open the exported TXT file.
  16. If necessary, edit the list of events.

  Before importing the blocked applications data, make sure that the list you are importing contains only applications that you want to allow, and nothing else.

  1. In the context menu of the button, select the Import → Create allowing rules based on TXT file with selected Kaspersky Security Center events item.
  2. Choose how to add Applications Launch Control rules from a report to the list of rules already available in the policy:
     • Merge with existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are not duplicated. If at least one rule setting is unique, the rule is added.
     • Add to existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are duplicated.
     • Replace existing rules, if you want to replace the existing rules with the imported rules.
  3. In the Windows system window that opens, specify the path to the TXT file to which events from the Kaspersky Security Center report on blocked devices have been exported.
  4. Click Open.

Added Applications Launch Control rules are displayed in the list.

The Applications Launch Control window opens on the General tab.

• Manually
  1. Click Add.

     The Applications Launch Control window opens.

  2. In the Name field, enter the name of the rule.
  3. If necessary, in the Description field, enter a description of the rule.
  4. In the Type drop-down list, select the rule type:
     • Allowing if you want the rule to allow running applications described by the rule.
     • Denying if you want the rule to block the launch of applications described by the rule.
  5. In the Scope drop-down list, select the type of files whose execution will be controlled by the rule:
     • Executable files, if you want the rule to control launch of executable files.
     • Scripts and MSI packages, if you want the rule to control launch of scripts and MSI packages. Files with the following extensions are supported: .js, .vbs, .cmd, .bat, .py, .ps1, .pl, .msi, .msp, .mst, .com, .vbe, .jse, .psd1, .psm1, .pyd, .pyc, .pm, .hta, .chm, .wsf, .wsc, .wsh, .sct.
  6. Select the Trusted Updaters check box if you want Kaspersky Embedded Systems Security to consider applications matching the rule trigger conditions as trusted updaters. Trusted Updaters are applications that are allowed to create other executable files that will be allowed to run subsequently.

     If an application triggers multiple rules, Kaspersky Embedded Systems Security sets the Trusted Updaters flag if the following conditions are satisfied:

     • All rules allow the application to run.
     • At least one rule has the Trusted Updaters check box selected.
  7. Add trigger conditions for the Applications Launch Control rule.
  8. Add exclusions from trigger conditions for the Applications Launch Control rule.
  9. Add users and/or groups of users that are allowed or forbidden to launch applications that satisfy the rule.
     1. Select the User or group tab.
     2. In the context menu of the Add button, select the method for adding users or groups.
     3. This opens a window; in that window, enter or select the name of a user or group of users.
     4. Click OK.
     5. Complete steps b through d for every user or group of users.
  10. Click OK.
• By importing an XML file containing Applications Launch Control rules.
  1. In the context menu of the button, select the Import → From XML file item.
  2. Choose how to add Device Control rules from an XML file to those available in the policy:
     • Replace existing rules, if you want to replace the existing rules with the imported rules.
     • Add to existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are duplicated.
     • Merge with existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are not duplicated. If at least one rule setting is unique, the rule is added.
  3. In the window that opens, specify the path to the XML file that was created after the completion of local task or group task for Rule Generator for Applications Launch Control.
  4. Click Open.

Added Applications Launch Control rules are displayed in the list.

• Add policy rules to the local rules. The application applies the rule list specified in a policy together with local rule lists.
• Replace local rules with policy rules. The application applies the rule list specified in the policy for application launch control on a group of protected devices. Local rule lists cannot be created, edited, or applied.

• Manually
  1. Click Add.

     The Rule settings window opens.

  2. In the Name field, enter the name of the rule.
  3. In the Type drop-down list, select the rule type:
     • Allowing if you want the rule to allow running applications described by the rule.
     • Denying if you want the rule to block the launch of applications described by the rule.
  4. In the Scope drop-down list, select the type of files whose execution will be controlled by the rule:
     • Executable files, if you want the rule to control launch of executable files.
     • Scripts and MSI packages, if you want the rule to control launch of scripts and MSI packages.
  5. Select the Deny for other users check box if you want the application to block the launch of the applications described by the rule for all users that are not listed on the User or group tab.
  6. Select the Trusted Updaters check box if you want Kaspersky Embedded Systems Security to consider applications matching the rule trigger conditions as trusted updaters. Trusted Updaters are applications that are allowed to create other executable files that will be allowed to run subsequently.

     If an application triggers multiple rules, Kaspersky Embedded Systems Security sets the Trusted Updaters flag if the following conditions are satisfied:

     • All rules allow the application to run.
     • At least one rule has the Trusted Updaters check box selected.
  7. Add trigger conditions for the Applications Launch Control rule.
  8. Add exclusions from trigger conditions for the Applications Launch Control rule.
  9. Add users and/or groups of users that are allowed or forbidden to launch applications that satisfy the rule.
     1. Select the User or group tab.
     2. Click Add.
     3. This opens a window; in that window, enter or select the name of a user or group of users.
     4. Click Select.
     5. Complete steps b through d for every user or group of users.
  10. Click OK.

  Added Applications Launch Control rules are displayed in the list.

• By importing an XML file containing Applications Launch Control rules.
  1. Click Import.
  2. In the displayed Import from file window, click the Select button.
  3. Specify the path to the XML file that was created after the completion of local task or group task for Rule Generator for Applications Launch Control.
  4. Click Open.
  5. Click Import.

  Imported Applications Launch Control rules are added to the list of existing rules. Rules with identical settings are not duplicated. If at least one rule setting is unique, the rule is added.

• By importing an XML file containing Kaspersky Embedded Systems Security 4.0 Applications Launch Control rules.
  1. Click Import from the previous version.
  2. In the displayed Import from file window, click the Select button.
  3. Specify the path to the XML file with Applications Launch Control rules that was exported from Kaspersky Embedded Systems Security 4.0.
  4. Click Open.
  5. Click Import.

  Imported Applications Launch Control rules are added to the list of existing rules. Rules with identical settings are not duplicated. If at least one rule setting is unique, the rule is added.

• By importing rules from a Kaspersky Security Center report file.
  1. Click Import from KSC report.
  2. In the window that opens, select the TXT file into which the events from the report were exported.
  3. Click Open.

  Rules based on the Kaspersky Security Center report are added to the list of rules in the policy.

• Based on Kaspersky Security Center events using a request
  1. Click Allowing rules from KSC events.

     The Rule Generator for Applications Launch Control window opens.

  2. Select the type of events based on which the application will create Applications Launch Control rules:
     • All events.
     • Application launch denied.
     • Statistics only mode: application launch denied.
  3. Select a period from the Use events generated within the period drop-down list.
  4. Clear or select the Prioritize the use of hash when generating rules check box.

     If the check box is selected, Kaspersky Embedded Systems Security uses the checksum of the file to generate the rule when both the checksum and the certificate of the file are available.

     If the check box is cleared, Kaspersky Embedded Systems Security uses the digital certificate of the file to generate the rule when both the checksum and the certificate of the file are available.

  5. If necessary, specify the name of the group of managed devices in the Use events generated for a group of managed devices field.
  6. Click Generate rules.
  7. From the Rule for adding to the main list drop-down list, select the principle for adding the rules to the list of previously created Application Launch Control rules:
     • Add to existing rules, if you want to add the imported rules to the list of existing rules. Rules with identical settings are duplicated.
     • Replace existing rules, if you want to replace the existing rules with the imported rules.
  8. Select rules that you wnat to export into Application Launch Control rules of the policy and click the Export button.
  9. Save your changes.