When each application is started for the first time, the Host Intrusion Prevention component checks the security of the application and places the application into one of the trust groups.
Kaspersky specialists do not recommend moving applications from the automatically assigned trust group to a different trust group. Instead, you can modify rights for an individual application if necessary.
Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Advanced Threat Protection → Host Intrusion Prevention.
In the Application rights block, click the Settings button.
This opens the application rights configuration window and the list of protected resources.
Select the Application rights tab.
Click the Add button.
In the opened window, enter criteria to search for the application whose trust group you want to change.
You can enter the name of the application or the name of the vendor. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.
Click the Refresh button.
Kaspersky Endpoint Security will search for the application in the consolidated list of applications installed on managed computers. Kaspersky Endpoint Security will show a list of applications that satisfy your search criteria.
Select the necessary application.
In the Add selected applications to <trust group> group drop-down list, select the necessary trust group for the application.
In the Application rights and protected resources block, click the Application rights and protected resources link.
This opens the application rights configuration window and the list of protected resources.
Select the Application rights tab.
You will see a list of trust groups on the left side of the window and their properties on the right side.
Click the Add button.
This starts the Wizard for adding an application to a trust group.
Click the Selected target group link to select the relevant trust group for the application.
Select the Application type. Click the Next button.
If you want to change the trust group for multiple applications, select the Group type and define a name for the application group.
In the opened list of applications, select the applications whose trust group you want to change.
Use a filter. You can enter the name of the application or the name of the vendor. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.
In the lower part of the main application window, click the button.
In the application settings window, select Protection → Advanced Threat Protection → Host Intrusion Prevention.
Click the Manage applications button.
This opens the list of installed applications.
Select the necessary application.
In the context menu of the application, select Restrictions→<trust group>.
Save your changes.
As a result, the application will be put into the other trust group. Kaspersky Endpoint Security will then block the actions of the application depending on the trust group. The (user-defined) status will be assigned to the application. If the reputation of the application is changed in Kaspersky Security Network, the Host Intrusion Prevention component will leave this application's trust group unchanged.