Adding and modifying an Application Control rule using Kaspersky Security Center
To add or modify an Application Control rule using Kaspersky Security Center:
Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy.
Open the Properties: <Policy name> window by using one of the following methods:
In the context menu of the policy, select Properties.
Click the Configure policy link located in the right part of the Administration Console workspace.
In the Security Controls section, select Application Control.
In the right part of the window, the settings of the Application Control component are displayed.
Do one of the following:
To add a rule, click the Add button.
If you want to edit an existing rule, select it in the list of rules and click the Edit button.
The Application Control rule window opens.
In the Category drop-down list, select the created application category based on which you want to create a rule.
In the Principals and their rights table, click the Add button.
The standard Microsoft Windows Select Users or Groups window opens.
In the Select Users or Groups window, specify the list of users and/or user groups for which you want to configure permission to start applications from the selected category.
In the Principals and their rights table:
If you want to allow users and/or groups of users to start applications that belong to the selected category, select the Allow check box in the relevant rows.
If you want to block users and/or groups of users from starting applications that belong to the selected category, select the Block check box in the relevant rows.
Select the Deny for other users check box if you want all users that do not appear in the Principal column and that are not part of the group of users specified in the Principal column to be blocked from starting applications that belong to the selected category.
If you want Kaspersky Endpoint Security to consider applications included in the selected application category as trusted updaters allowed to create other executable files that will be subsequently allowed to run, select the Trusted Updaters check box.
In the Application Control section of the policy properties window, click the Apply button.