Selecting the Application Control mode

To select the Application Control mode:

  1. Open the application settings window.
  2. In the left part of the window, in the Security Controls section, select the Application Control subsection.

    In the right part of the window, the settings of the Application Control component are displayed.

  3. Select the Enable Application Control check box to make the component settings available for editing.
  4. In the Application Control mode drop-down list, select one of the following items:
    • Black List, if you want to allow the startup of all applications except the applications specified in block rules.
    • White List, if you want to block the startup of all applications except the applications specified in allow rules.

      The initially defined rules for white list mode are the Golden Image rule, which allows the startup of applications that are included in the "Golden Image" category, and the Trusted Updaters rule, which allows the startup of applications that are included in the "Trusted Updaters" KL category. The "Golden Image" KL category includes programs that ensure normal operation of the operating system. The "Trusted Updaters" KL category includes updaters for the most reputable software vendors. You cannot delete these rules. The settings of these rules cannot be edited. By default, the Golden Image rule is enabled, and the Trusted Updaters rule is disabled. All users are allowed to start applications that match the trigger conditions of these rules.

    All rules created during the selected mode are saved after the mode is changed so that the rules can be used again. To revert to using these rules, all you have to do is select the necessary mode in the Application Control mode drop-down list.

  5. In the Action drop-down list, select the action to be performed by the component when a user attempts to start an application that is blocked by Application Control rules.
  6. Select the Control DLL and drivers check box if you want Kaspersky Endpoint Security to monitor the loading of DLL modules when applications are started by users.

    Information about the module and the application that loaded the module will be saved to a report.

    Kaspersky Endpoint Security monitors only the DLL modules and drivers loaded since the Control DLL and drivers check box was selected. Restart the computer after selecting the Control DLL and drivers check box if you want Kaspersky Endpoint Security to monitor all DLL modules and drivers, including ones loaded before Kaspersky Endpoint Security is started.

    When enabling the function for controlling which DLL modules and drivers are loaded, make sure that the Application Control section has enabled the default Golden Image rule or another rule that contains the Trusted certificates KL category and ensures that trusted DLL modules and drivers are loaded before Kaspersky Endpoint Security is started. Enabling control of the loading of DLL modules and drivers when the Golden Image rule is disabled may cause instability in the operating system.

    Application Control rules that were created based on other KL categories (except for the Trusted certificates KL category) are not used for startup control of DLL modules and drivers.

    We recommend password protection be turned on to configure program settings so that it is possible to turn off allow rules blocking the launch of critically important DLL modules and drivers while not changing Kaspersky Security Center policy settings in the process.

  7. To save changes, click the Save button.
Page top