Enabling and disabling Application Control rule testing

To enable or disable testing of Application Control rules in Kaspersky Security Center:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
  3. In the workspace, select the Policies tab.
  4. Select the necessary policy and double-click to open the policy properties.
  5. In the policy window, select Security ControlsApplication Control.

    In the right part of the window, the settings of the Application Control component are displayed.

  6. In the Control mode drop-down list, select one of the following items:
    • Denylist. If this option is selected, Application Control allows all users to start any applications, except in cases that satisfy the conditions of Application Control block rules.
    • Allowlist. If this option is selected, Application Control blocks all users from starting any applications, except in cases that satisfy the conditions of Application Control allow rules.
  7. Do one of the following:
    • If you want to enable testing of Application Control rules, select the Test rules option in the Action drop-down list.
    • If you want to enable Application Control to manage the startup of applications on user computers, in the drop-down list, select Apply rules.
  8. Save your changes.

To enable testing of Application Control rules or to select a blocking action for Application Control:

  1. In the main application window, click the icon_settings button.
  2. In the application settings window, select Security ControlsApplication Control.
  3. Click the Blocked applications or Allowed applications button.

    This opens the list of Application Control rules.

  4. In the Status column, select Testing.

    This status means that Kaspersky Endpoint Security always allows the startup of applications to which this rule applies but logs information about the startup of such applications in the report.

  5. Save your changes.

Kaspersky Endpoint Security will not block applications whose startup is forbidden by the Application Control component, but will send notifications about their startup to the Administration Server. You can also configure the display of notifications about rule testing on the user's computer (see figure below).

loc_screen_KES11_App_Control_Test_Allowedloc_screen_KES11_App_Control_Test_Denied

Application Control notifications in test mode

Page top