Application Control
Application Control manages the startup of applications on users' computers. This allows you to implement a corporate security policy when using applications. Application Control also reduces the risk of computer infection by restricting access to applications.
Configuring Application Control consists of the following steps:
- Creating application categories.
The administrator creates categories of applications that the administrator wants to manage. Categories of applications are intended for all computers in the corporate network, regardless of administration groups. To create a category, you can use the following criteria: KL category (for example, Browsers), file hash, application vendor, and other criteria.
- Creating Application Control rules.
The administrator creates Application Control rules in the policy for the administration group. The rule includes the categories of applications and the startup status of applications from these categories: blocked or allowed.
- Selecting the Application Control mode.
The administrator chooses the mode for working with applications that are not included in any of the rules (application denylist and allowlist).
When a user attempts to start a prohibited application, Kaspersky Endpoint Security will block the application from starting and will display a notification (see the figure below).
A test mode is provided to check the configuration of Application Control. In this mode, Kaspersky Endpoint Security does the following:
- Allows the startup of applications, including prohibited ones.
- Shows a notification about the startup of a prohibited application and adds information to the report on the user's computer.
- Sends data about the startup of prohibited applications to Kaspersky Security Center.
Application Control notification
Application Control operating modes
The Application Control component operates in two modes:
- Denylist. In this mode, Application Control allows users to start all applications except for applications that are prohibited in Application Control rules.
This mode of Application Control is enabled by default.
- Allowlist. In this mode, Application Control blocks users from starting any applications except for applications that are allowed and not prohibited in Application Control rules.
If the allow rules of Application Control are fully configured, the component blocks the startup of all new applications that have not been verified by the LAN administrator, while allowing the operation of the operating system and of trusted applications that users rely on in their work.
You can read the recommendations on configuring Application Control rules in allowlist mode.
Application Control can be configured to operate in these modes both by using the Kaspersky Endpoint Security local interface and by using Kaspersky Security Center.
However, Kaspersky Security Center offers tools that are not available in the Kaspersky Endpoint Security local interface, such as the tools that are needed for the following tasks:
- Creating application categories.
Application Control rules created in the Kaspersky Security Center Administration Console are based on your custom application categories and not on inclusion and exclusion conditions as is the case in the Kaspersky Endpoint Security local interface.
- Receiving information about applications that are installed on corporate LAN computers.
This is why it is recommended to use Kaspersky Security Center to configure the operation of the Application Control component.
Application Control operating algorithm
Kaspersky Endpoint Security uses an algorithm to make a decision about starting an application (see the figure below).
Application Control operating algorithm