Adding a trigger condition for an Application Control rule
To add a new trigger condition for an Application Control rule:
In the main application window, click the button .
In the application settings window, select Security Controls → Application Control.
Click the Blocked applications or Allowed applications button.
This opens the list of Application Control rules.
Select the rule for which you want to configure a trigger condition.
The Application Control rule properties open.
Select the Conditions tab or Exclusions tab and click the Add button.
Select the trigger conditions for the Application Control rule:
Conditions from properties of started applications. In the list of running applications, you can select the applications to which the Application Control rule will be applied. Kaspersky Endpoint Security also lists applications that were previously running on the computer. You need to select the criterion that you want to use to create one or multiple rule trigger conditions: File hash, Certificate, KL category, Metadata or Path to file or folder.
Conditions "KL category". A KL category is a list of applications that have shared theme attributes. The list is maintained by Kaspersky experts. For example, the KL category known as "Office applications" includes applications from the Microsoft Office suite, Adobe® Acrobat®, and others.
Custom condition. You can select the application file and select one of the rule trigger conditions: File hash, Certificate, Metadata or Path to file or folder.
Condition by file drive (removable drive). The Application Control rule is applied only to files that are run on a removable drive.
Conditions from properties of files in the specified folder. The Application Control rule is applied only to files in the specified folder. You can also include or exclude files from subfolders. You need to select the criterion that you want to use to create one or multiple rule trigger conditions: File hash, Certificate, KL category, Metadata or Path to file or folder.
Save your changes.
When adding conditions, please take into account the following special considerations for Application Control:
Kaspersky Endpoint Security does not support an MD5 file hash and does not control startup of applications based on an MD5 hash. An SHA256 hash is used as a rule trigger condition.
It is not recommended to use only the Issuer and Subject criteria as rule trigger conditions. Use of these criteria is unreliable.
If you are using a symbolic link in the Path to file or folder field, you are advised to resolve the symbolic link for correct operation of the Application Control rule. To do so, click the Resolve symbolic link button.