In the Kaspersky Security Center Administration Console tree, expand the Managed devices node.
Select the administration group for which you want to configure the task.
Select the Policies tab.
Double-click the policy name you want to configure.
In the policy properties window, go to the Local activity control section.
In the Applications Launch Control block, click the Settings button.
The Applications Launch Control window opens on the General tab.
Select the Rules tab.
Do one of the following:
Click the Add button if you are adding a new Applications Launch Control rule.
In the list of Applications Launch Control rules, select the rule for which you want to add exclusions, and click the Edit button.
The Applications Launch Control window opens.
On the Exclusions tab, in the context menu of the Add button, select a criterion for creating an exclusion from the scope of the Applications Launch Control rule:
Click the Browse button in the Information from file window.
The standard Microsoft Windows Open File window opens.
Select the file.
Click Open.
Information about the selected file is displayed in the Information from file window.
Select at least one option:
Certificate details. If this check box is selected, the rule does not control the launch of applications signed with a digital certificate that has the specified data.
Metadata. If this check box is selected, the rule does not control the launch of applications that have the specified metadata.
File hash. If this check box is selected, the rule does not control the launch of applications that have the specified SHA256 hash.
File path. If this check box is selected, the rule does not control the launch of applications at the specified path.
If necessary, in the Command line field, enter the command for starting the application on the command line. The rule does not control the launch of this application. You can use ? and * characters to enter a mask.
Kaspersky Embedded Systems Security does not recognize paths that contain slashes ("/"). Use the backslash character ("\") in paths.
Click OK.
Drive type. The rule does not control the launch of applications from all removable drives connected to the protected computer.
KL category. The rule does not control the launch of applications that belong to the selected KL categories.
Trusted by KSN. The rule does not control the launch of applications that are trusted in KSN.
Untrusted by KSN. The rule does not control the launch of applications that are untrusted in KSN.
Trusted by OS. The rule does not control the launch of applications that are trusted in the operating system.
The added exclusion will be displayed in the list.
If necessary, perform the previous step of the instructions to add each subsequent exclusion from the scope of the Applications Launch Control rule.
If necessary, edit exclusions by clicking the Edit button.
In the Application Console tree, select the Computer Control → Applications Launch Control section.
Click the Properties link in the results pane.
The Applications Launch Control window opens on the General tab.
Select the Rules tab.
Do one of the following:
Click the Add button if you are adding a new Applications Launch Control rule.
In the list of Applications Launch Control rules, select the rule for which you want to add exclusions, and click the Edit button.
The Applications Launch Control window opens.
On the Exclusions tab, in the context menu of the Add button, select a criterion for creating an exclusion from the scope of the Applications Launch Control rule:
Click the Browse button in the Information from file window.
The standard Microsoft Windows Open File window opens.
Select the file.
Click Open.
Information about the selected file is displayed in the Information from file window.
Select at least one option:
Certificate details. If this check box is selected, the rule does not control the launch of applications signed with a digital certificate that has the specified data.
Metadata. If this check box is selected, the rule does not control the launch of applications that have the specified metadata.
File hash. If this check box is selected, the rule does not control the launch of applications that have the specified SHA256 hash.
File path. If this check box is selected, the rule does not control the launch of applications at the specified path.
If necessary, in the Command line field, enter the command for starting the application on the command line. The rule does not control the launch of this application. You can use ? and * characters to enter a mask.
Kaspersky Embedded Systems Security does not recognize paths that contain slashes ("/"). Use the backslash character ("\") in paths.
Click OK.
Drive type. The rule does not control the launch of applications from all removable drives connected to the protected computer.
KL category. The rule does not control the launch of applications that belong to the selected KL categories.
Trusted by KSN. The rule does not control the launch of applications that are trusted in KSN.
Untrusted by KSN. The rule does not control the launch of applications that are untrusted in KSN.
Trusted by OS. The rule does not control the launch of applications that are trusted in the operating system.
The added exclusion will be displayed in the list.
If necessary, perform the previous step of the instructions to add each subsequent exclusion from the scope of the Applications Launch Control rule.
If necessary, edit exclusions by clicking the Edit button.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Embedded Systems Security policy.
The policy properties window opens.
Select the Application settings tab.
Select the Local activity control section.
In the Applications Launch Control block, click the Configure button.
The Applications Launch Control window opens on the General tab.
Select the Rules tab.
Click Add.
The Rule settings window opens.
On the Exclusions tab, click the Add button.
The Rule settings window opens.
Select a criterion for creating an exclusion from the scope of the Applications Launch Control rule:
Information from file. The rule does not control the launch of applications whose data matches the data in the file.
Under Rule triggering criteria, specify a value for at least one criterion:
Digital certificate. If this check box is selected, the rule does not control the launch of applications signed with a digital certificate that has the specified data.
Metadata. If this check box is selected, the rule does not control the launch of applications that have the specified metadata.
SHA256 hash. If this check box is selected, the rule does not control the launch of applications that have the specified SHA256 hash.
File path. If this check box is selected, the rule does not control the launch of applications at the specified path.
Click OK.
KL category. The rule does not control the launch of applications that belong to the selected KL categories.
Drive type. The rule does not control the launch of applications from all removable drives connected to the protected computer.
Trusted by OS. The rule does not control the launch of applications that are trusted in the operating system.
The added condition will be displayed in the list.
If necessary, perform steps 4 through 5 of the instructions to add each subsequent exclusion from the scope of the Applications Launch Control rule.
If necessary, edit exclusions by clicking the Edit button.