Kaspersky Endpoint Security controls the startup of applications by users by means of rules. An Application Control rule specifies the triggering conditions and actions performed by the Application Control component when the rule is triggered (allowing or blocking application startup by users).
Rule-triggering conditions
A condition for triggering the rule has the following correspondence: "condition type - condition criterion - condition value" (see the figure below). Based on the rule-triggering conditions, Kaspersky Endpoint Security applies (or does not apply) a rule to an application.
Application Control rule. Rule-triggering condition parameters
Rules use inclusion and exclusion conditions:
Rule-triggering conditions are created using criteria. The following criteria are used to create rules in Kaspersky Endpoint Security:
The criterion value must be specified for each criterion used in the condition. If the parameters of the application being started match the values of criteria specified in the inclusion condition, the rule is triggered. In this case, Application Control performs the action prescribed in the rule. If application parameters match the values of criteria specified in the exclusion condition, Application Control does not control startup of the application.
Decisions made by the Application Control component when a rule is triggered
When a rule is triggered, Application Control allows users (or user groups) to start applications or blocks startup according to the rule. You can select individual users or groups of users that are allowed or not allowed to start applications that trigger a rule.
If a rule does not specify those users allowed to start applications satisfying the rule, this rule is called a block rule.
If a rule that does not specify any users who are not allowed to start applications that match the rule, this rule is called an allow rule.
The priority of a block rule is higher than the priority of an allow rule. For example, if an Application Control allow rule has been assigned for a user group while an Application Control block rule has been assigned for one user in this user group, this user will be blocked from starting the application.
Operating status of a rule
Application Control rules can have one of the following operating statuses:
Test. This status signifies that Kaspersky Endpoint Security allows the startup of applications to which the rules apply but logs information about the startup of such applications in the report.