Generating a TXT file with a selection of Kaspersky Security Center blocked application events
You can export a selection of Kaspersky Security Center blocked application events to a TXT file and then import this data to generate a list of Applications Launch Control allow rules in a policy that you are configuring.
In the Kaspersky Security Center Administration Console tree, expand the Managed devices node.
Select the administration group for which you want to configure the task.
Select the Policies tab.
Double-click the name of the policy that you want to configure.
In the policy properties window, go to the Logs and notifications section.
In the Task logs block, click the Settings button.
The Notifications window opens.
Expand the Local activity control node.
Select the Applications Launch Control section.
In the list of Applications Launch Control events, in the Send events to Kaspersky Security Center column, select the check boxes next to the Application startup prohibited and Application startup prohibited in test mode events.
Save your changes.
In the Event configuration section of the policy, make sure that the event storage duration specified in the Store in the Administration Server database for (days) field is greater than the period for which you plan to gather information about prevented application launches (the default is 30 days).
Once the Applications Launch Control task log retention period expires, logged events will be deleted and will not appear in the report.
Activate the policy configured to collect data about denied application launches.
If required, modify the Applications Launch Control mode.
When the period for gathering information about prevented application launches expires, create a selection of the Application startup prohibited and Application startup prohibited in test mode events and export it to a TXT file. For details, refer to the "Event selections" section in the Kaspersky Security Center Help.

In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Embedded Systems Security policy.
The policy properties window opens.
Select the Application settings tab.
Select the Logs and notifications section.
In the Task logs block, click the Configure button.
The Task logs window opens.
Select the Applications Launch Control section.
In the list of Applications Launch Control events, in the Send events to Kaspersky Security Center column, select the check boxes next to the Application startup prohibited and Application startup prohibited in test mode events.
Save your changes.
On the Event configuration tab of the policy that you are configuring, make sure that the event storage duration specified in the Store in the Administration Server database for (days) field is greater than the period for which you plan to gather information about prevented application launches (the default is 30 days).
Once the Applications Launch Control task log retention period expires, logged events will be deleted and will not appear in the report.
Activate the policy configured to collect data about denied application launches.
If required, modify the Applications Launch Control mode.
When the period for gathering information about prevented application launches expires, create a selection of the Application startup prohibited and Application startup prohibited in test mode events and export it to a TXT file. For details, refer to the "Event selections" section in the Kaspersky Security Center Help.