Testing Application Control rules

To ensure that Application Control rules do not block applications required for work, it is recommended to enable testing of Application Control rules and analyze their operation after creating new rules.

An analysis of the operation of Application Control rules requires a review of the resultant Application Control events that are reported to Kaspersky Security Center. If test mode results in no blocked startup events for all applications required for the work of the computer user, this means that the correct rules were created. Otherwise, you are advised to update the settings of the rules you have created, create additional rules, or delete the existing rules.

To enable testing of Application Control rules or to select a blocking action for Application Control:

  1. In the main application window, click the icon_settings button.
  2. In the application settings window, select Security ControlsApplication Control.
  3. Click the Blocked applications or Allowed applications button.

    This opens the list of Application Control rules.

  4. In the Status column, select Testing.

    This status means that Kaspersky Endpoint Security always allows the startup of applications to which this rule applies but logs information about the startup of such applications in the report.

  5. Save your changes.

Kaspersky Endpoint Security will not block applications whose startup is forbidden by the Application Control component, but will send notifications about their startup to the Administration Server. You can also configure the display of notifications about rule testing on the user's computer (see figure below).

loc_screen_KES11_App_Control_Test_Allowedloc_screen_KES11_App_Control_Test_Denied

Application Control notifications in test mode

Page top