In the main application window, click the Settings button.
In the left part of the window, in the Security Controls section, select the Application Control subsection.
In the right part of the window, the settings of the Application Control component are displayed.
Select the Application Control check box to make the component settings available for editing.
Do one of the following:
To add a rule, click the Add button.
If you want to edit an existing rule, select it in the list of rules and click the Edit button.
The Application Control rule window opens.
Specify or edit the settings of the rule:
In the Rule name field, enter or edit the name of the rule.
In the Inclusion conditions table, create or edit the list of inclusion conditions that trigger a rule by clicking the Add, Edit, Delete, and Convert into exclusion buttons.
In the Exclusion conditions table, create or edit the list of exclusion conditions that trigger a rule by clicking the Add, Edit, Delete, and Convert into inclusion condition buttons.
If required, change the type of rule-triggering condition:
To change the condition type from an inclusion condition to an exclusion condition, select a condition in the Inclusion conditions table and click the Convert into exclusion button.
To change the condition type from an exclusion condition to an inclusion condition, select a condition in the Exclusion conditions table and click the Convert into inclusion condition button.
Compile or edit a list of users and/or groups of users who are allowed or not allowed to start applications that meet the rule trigger conditions. To do this, click the Add button in the Subjects and their rights table.
The Select Users or Groups window in Microsoft Windows opens. This window lets you select users and / or user groups.
By default, the Everyone value is added to the list of users. The rule applies to all users.
If there is no user specified in the table, the rule cannot be saved.
In the Subjects and their rights table, select the Allow or Block check boxes opposite the users and/or groups of users to determine their right to start applications.
Select the Deny for other users check box if you want all users that do not appear in the Subject column and that are not part of the group of users specified in the Subject column to be blocked from starting applications that match the rule trigger conditions.
If the Deny for other users check box is cleared, Kaspersky Endpoint Security does not control the startup of applications by users that are not specified in the Subjects and their rights table and that do not belong to the groups of users specified in the Subjects and their rights table.
If you want Kaspersky Endpoint Security to consider applications matching the rule trigger conditions as trusted updaters allowed to create other executable files that will be allowed to run subsequently, select the Trusted Updaters check box.
When Kaspersky Endpoint Security settings are migrated, the list of executable files created by trusted updaters is migrated as well.