Selecting the Application Control mode

To select the Application Control mode:

1. In the main application window, click the Settings button.
2. In the application settings window, select Security Controls → Application Control.
3. Select the Application Control check box to make the component settings available for editing.
4. In the Control mode drop-down list, select one of the following items:
   • Black List, if you want to allow the startup of all applications except the applications specified in block rules.
   • White List, if you want to block the startup of all applications except the applications specified in allow rules.

     The initially defined rules for white list mode are the Golden Image rule, which allows the startup of applications that are included in the "Golden Image" category, and the Trusted Updaters rule, which allows the startup of applications that are included in the "Trusted Updaters" KL category. The "Golden Image" KL category includes programs that ensure normal operation of the operating system. The "Trusted Updaters" KL category includes updaters for the most reputable software vendors. You cannot delete these rules. The settings of these rules cannot be edited. By default, the Golden Image rule is enabled, and the Trusted Updaters rule is disabled. All users are allowed to start applications that match the trigger conditions of these rules.

   All rules created during the selected mode are saved after the mode is changed so that the rules can be used again. To revert to using these rules, select the required mode in the Control mode drop-down list.

5. In the Action drop-down list, select the action to be performed by the component when a user attempts to start an application that is blocked by Application Control rules.
6. Select the Control DLL and drivers check box if you want Kaspersky Endpoint Security to monitor the loading of DLL modules when applications are started by users.

   Information about the module and the application that loaded the module will be saved to a report.

   Kaspersky Endpoint Security monitors only the DLL modules and drivers loaded since the Control DLL and drivers check box was selected. Restart the computer after selecting the Control DLL and drivers check box if you want Kaspersky Endpoint Security to monitor all DLL modules and drivers, including ones loaded before Kaspersky Endpoint Security is started.

   When enabling control over which DLL modules and drivers are loaded, make sure that one of the following rules is enabled in the Application Control section: the default Golden Image rule or another rule that contains the Trusted certificates KL category and ensures that trusted DLL modules and drivers are loaded before Kaspersky Endpoint Security is started. Application Control rules that were created based on other KL categories (except for the Trusted certificates KL category) are not used for startup control of DLL modules and drivers. Enabling control of the loading of DLL modules and drivers when the Golden Image rule is disabled may cause instability in the operating system.

   We recommend turning on password protection for configuring application settings, so that it is possible to turn off the rules blocking critical DLL modules and drivers form start, without modifying Kaspersky Security Center policy settings.

7. Save your changes.

Page top