This functionality automatically creates exclusions for all files launched using executable files and installation packages specified in the list.

If this functionality is enabled, Kaspersky Embedded Systems Security allows launching executable files using trusted installation packages added to the list.

If this functionality is disabled, Kaspersky Embedded Systems Security does not apply the exclusions specified in the list.

This option is disabled by default.

You can enable the Automatically allow software distribution via applications and packages listed functionality if on the General tab, the Apply rules to executable files functionality is enabled.

This functionality cannot be enabled if the Automatically allow software distribution via applications and packages listed functionality is disabled.

This functionality automatically creates exclusions for all files launched using the Windows installer.

If this functionality is enabled, Kaspersky Embedded Systems Security allows launching files installed using the Windows Installer.

This option is enabled by default.

Turning off this function may cause issues with updating operating system files and also prevent the launch of files extracted from a distribution package.

This functionality allows distributing software using the System Center Configuration Manager solution.

If this functionality is enabled, Kaspersky Embedded Systems Security allows Microsoft Windows deployment using the System Center Configuration Manager. The application allows software distribution only via the Background Intelligent Transfer Service.

The application controls the launch of executable files with .EXE and .MSI extensions.

This option is disabled by default.

The application controls the software distribution cycle on the protected device — from package delivery to installation or update. The application does not control processes if any stage of distribution was performed before installation of Kaspersky Embedded Systems Security on the protected device.

• Add one manually
  1. In the context menu of the Add button, select Add one distribution package.
  2. Click the Browse button in the window that opens.
  3. Select the executable file or distribution package.

     Fields under Trusting criteria are automatically populated with information about the selected file.

  4. If necessary, enable the Allow launching of all child files as trusted distribution packages functionality.
     

     If this functionality is enabled, Kaspersky Embedded Systems Security allows launching all executable files extracted from a trusted installation package. The files can be extracted from any nesting level.

     If this functionality is disabled, Kaspersky Embedded Systems Security allows launching only those files that were created or modified by the primary installation package directly.

     This option is disabled by default.

  5. Select the criterion that will decide that the executable file or installation package is trusted: Certificate details or SHA256 hash.
  6. Click OK.

  The executable file or installation package is added to the list.

• Add several by hash
  1. In the context menu of the Add button, select Add several packages by hash.
  2. This opens a window; in that window, select any number of files or installation packages.
  3. Click Open.

  Executable files or installation packages are added to the list. The SHA256 hash is specified in their properties.

• Import from file
  1. Click Import.
  2. In the window that opens, select a .TXT file with information about executable files and installation packages.
     

     The file for importing that contains executable files data and installation packages data must satisfy the following parameters:

     • The file extension is TXT.
     • Each line of the file contains data for one executable file or installation package in one of the following formats:
       • <file name>:<SHA256 hash>.
       • <SHA256 hash>*<file name>.
  3. Click Open.

  Executable files or installation packages are added to the list. The SHA256 hash is specified in their properties.

If you create a trusted distribution package based on an executable file and you added a process in the Trusted Zone settings based on that same executable file and made it trusted for the Applications Launch Control task, the Trusted Zone settings have a higher priority. Kaspersky Embedded Systems Security blocks this executable file from starting, but considers the executable file's process to be trusted.

To prevent the execution of unpacked executable files, you must remove Kaspersky Embedded Systems Security from the protected device or create Applications Launch Control deny rules for the unpacked files.

The Applications Launch Control window opens on the General tab.

You can enable the Automatically allow software distribution via applications and packages listed functionality if on the General tab, the Apply rules to executable files functionality is enabled.

Turning off this function may cause issues with updating operating system files and also prevent the launch of files extracted from a distribution package.

The application controls the software distribution cycle on the protected device — from package delivery to installation or update. The application does not control processes if any stage of distribution was performed before installation of Kaspersky Embedded Systems Security on the protected device.

• Add one manually
  1. In the context menu of the Add button, select Add one distribution package.
  2. Click the Browse button in the window that opens.
  3. Select the executable file or distribution package.

     Fields under Trusting criteria are automatically populated with information about the selected file.

  4. If necessary, enable the Allow launching of all child files as trusted distribution packages functionality.
  5. Select the criterion that will decide that the executable file or installation package is trusted: Certificate details or SHA256 hash.
  6. Click OK.

  The executable file or installation package is added to the list.

• Add several by hash
  1. In the context menu of the Add button, select Add several packages by hash.
  2. This opens a window; in that window, select any number of files or installation packages.
  3. Click Open.

  Executable files or installation packages are added to the list. The SHA256 hash is specified in their properties.

• Import from file
  1. Click Import.
  2. In the window that opens, select a .TXT file with information about executable files and installation packages.
  3. Click Open.

  Executable files or installation packages are added to the list. The SHA256 hash is specified in their properties.

If you create a trusted distribution package based on an executable file and you added a process in the Trusted Zone settings based on that same executable file and made it trusted for the Applications Launch Control task, the Trusted Zone settings have a higher priority. Kaspersky Embedded Systems Security blocks this executable file from starting, but considers the executable file's process to be trusted.

To prevent the execution of unpacked executable files, you must remove Kaspersky Embedded Systems Security from the protected device or create Applications Launch Control deny rules for the unpacked files.

You can enable the Automatically allow software distribution via applications and packages listed functionality if on the General tab, the Apply rules to executable files functionality is enabled.

Turning off this function may cause issues with updating operating system files and also prevent the launch of files extracted from a distribution package.

The application controls the software distribution cycle on the protected device — from package delivery to installation or update. The application does not control processes if any stage of distribution was performed before installation of Kaspersky Embedded Systems Security on the protected device.

• Manually
  1. Click the Add button.
  2. Under Trusting criteria, select the criterion that will decide that the executable file or installation package is trusted: Use digital certificate or Use SHA256 hash.
  3. If you selected Use digital certificate, enter the header and thumbprint of the certificate that the executable file or installation package is signed with, and also the name of the executable file or installation package.
  4. If you selected Use SHA256 hash, click Browse to select the executable file or installation package.
  5. If necessary, enable the Allow launching of all child files as trusted distribution packages functionality.
  6. Click OK.

  The executable file or installation package is added to the list.

• Import from file
  1. Click Import.
  2. In the window that opens, select a .TXT file with information about executable files and installation packages.
  3. Click the Open button.

  Executable files or installation packages are added to the list. The SHA256 hash is specified in their properties.

If you create a trusted distribution package based on an executable file and you added a process in the Trusted Zone settings based on that same executable file and made it trusted for the Applications Launch Control task, the Trusted Zone settings have a higher priority. Kaspersky Embedded Systems Security blocks this executable file from starting, but considers the executable file's process to be trusted.

To prevent the execution of unpacked executable files, you must remove Kaspersky Embedded Systems Security from the protected device or create Applications Launch Control deny rules for the unpacked files.