By default, application activity is controlled by application rights that are defined for the trust group to which Kaspersky Endpoint Security assigned the application on first launch. If necessary, you can edit the application rights for an entire trust group, for an individual application, or a group of applications that are within a trust group.
Application rights that are defined for individual applications or groups of applications within a trust group have a higher priority than application rights that are defined for a trust group. In other words, if the settings of the application rights for an individual application or a group of applications within a trust group differ from the settings of application rights for the trust group, the Host Intrusion Prevention component controls the activity of the application or the group of applications within the trust group according to the application rights that are defined for the application or the group of applications.