Testing Application Control rules using Kaspersky Security Center

To ensure that Application Control rules do not block applications required for work, it is recommended to enable testing of Application Control rules and analyze their operation after creating new rules. When testing of Application Control rules is enabled, Kaspersky Endpoint Security will not block applications whose startup is forbidden by Application Control, but will instead send notifications about their startup to the Administration Server.

An analysis of the operation of Application Control rules requires a review of the resultant Application Control events that are reported to Kaspersky Security Center. If test mode results in no blocked startup events for all applications required for the work of the computer user, this means that the correct rules were created. Otherwise, you are advised to update the settings of the rules you have created, create additional rules, or delete the existing rules.

By default, Kaspersky Endpoint Security allows the startup of all applications except for applications prohibited by the rules.

To enable or disable testing of Application Control rules in Kaspersky Security Center:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
  3. In the workspace, select the Policies tab.
  4. Select the necessary policy and double-click to open the policy properties.
  5. In the policy window, select Security ControlsApplication Control.

    In the right part of the window, the settings of the Application Control component are displayed.

  6. In the Control mode drop-down list, select one of the following items:
    • Denylist. If this option is selected, Application Control allows all users to start any applications, except in cases that satisfy the conditions of Application Control block rules.
    • Allowlist. If this option is selected, Application Control blocks all users from starting any applications, except in cases that satisfy the conditions of Application Control allow rules.
  7. Do one of the following:
    • If you want to enable testing of Application Control rules, select the Test rules option in the Action drop-down list.
    • If you want to enable Application Control to manage the startup of applications on users' computers, select the Apply rules option in the Action drop-down list.
  8. Save your changes.
Page top