When configuring white list mode, it is recommended to perform the following actions:
You can select one of the following methods for creating application categories:
Use of this condition excludes the capability to automatically install updates because different versions of files will have a different hash.
Use of the Application folder condition may be unsafe because any application from the specified folder will be allowed to start. It is recommended to apply rules that use the application categories with the Application folder condition only to those users for whom the automatic installation of updates must be allowed.
You can also add executable files from the Executable files folder to an application category with content added manually.
When using this method of creating application categories, Kaspersky Security Center receives information about applications on the computer from a list of executable files.
The initially defined rules for white list mode are the Golden Image rule, which allows the startup of applications that are included in the Golden Image KL category, and the Trusted Updaters rule, which allows the startup of applications that are included in the Trusted Updaters KL category. The "Golden Image" KL category includes programs that ensure normal operation of the operating system. The "Trusted Updaters" KL category includes updaters for the most reputable software vendors. You cannot delete these rules. The settings of these rules cannot be edited. By default, the Golden Image rule is enabled, and the Trusted Updaters rule is disabled. All users are allowed to start applications that match the trigger conditions of these rules.
You can allow automatic installation of updates in one of the following ways:
To allow the startup of all applications signed with certificates, you can create a category with a certificate-based condition that uses only the Subject parameter with the value *.
When Kaspersky Endpoint Security settings are migrated, the list of executable files created by trusted updaters is migrated as well.
Use of the Application folder condition may be unsafe because any application from the specified folder will be allowed to start. It is recommended to apply rules that use the application categories with the Application folder condition only to those users for whom the automatic installation of updates must be allowed.