Adding and modifying an Application Control rule using Kaspersky Security Center
To add or modify an Application Control rule using Kaspersky Security Center:
Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Security Controls → Application Control.
In the right part of the window, the settings of the Application Control component are displayed.
Do one of the following:
To add a rule, click the Add button.
If you want to edit an existing rule, select it in the list of rules and click the Edit button.
The Application Control rule window opens.
Do one of the following:
If you want to create a new category:
Click Create a category.
The user category creation wizard starts.
Follow the instructions of the user category creation wizard.
In the Category drop-down list, select the created application category.
If you want to edit an existing category:
In the Category drop-down list, select the created application category that you want to edit.
Click Properties.
Modify the settings of the selected application category.
Save your changes.
In the Category drop-down list, select the created application category based on which you want to create a rule.
In the Subjects and their rights table, click the Add button.
In the window that opens, specify the list of users and/or user groups for which you want to configure permission to start applications from the selected category.
In the Subjects and their rights table, do the following:
If you want to allow users and/or groups of users to start applications that belong to the selected category, select the Allow check box in the relevant rows.
If you want to block users and/or groups of users from starting applications that belong to the selected category, select the Deny check box in the relevant rows.
Select the Deny for other users check box if you want all users that do not appear in the Subject column and that are not part of the group of users specified in the Subject column to be blocked from starting applications that belong to the selected category.
If you want Kaspersky Endpoint Security to consider applications included in the selected application category as trusted updaters allowed to create other executable files that will be subsequently allowed to run, select the Trusted Updaters check box.
When Kaspersky Endpoint Security settings are migrated, the list of executable files created by trusted updaters is migrated as well.