Testing Application Control rules using Kaspersky Security Center
To ensure that Application Control rules do not block applications required for work, it is recommended to enable testing of Application Control rules and analyze their operation after creating new rules. When testing of Application Control rules is enabled, Kaspersky Endpoint Security will not block applications whose startup is forbidden by Application Control, but will instead send notifications about their startup to the Administration Server.
An analysis of the operation of Application Control rules requires a review of the resultant Application Control events that are reported to Kaspersky Security Center. If test mode results in no blocked startup events for all applications required for the work of the computer user, this means that the correct rules were created. Otherwise, you are advised to update the settings of the rules you have created, create additional rules, or delete the existing rules.
Blocking mode for Application Control rules is enabled by default.
To enable testing of Application Control rules or to select a blocking action for Application Control in Kaspersky Security Center:
Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy.
Open the Properties: <Policy name> window by using one of the following methods:
In the context menu of the policy, select Properties.
Click the Configure policy link located in the right part of the Administration Console workspace.
In the Security Controls section, select Application Control.
In the right part of the window, the settings of the Application Control component are displayed.
In the Application Control mode drop-down list, select one of the following items:
Black List, if you want to allow the startup of all applications except the applications specified in block rules.
White List, if you want to block the startup of all applications except the applications specified in allow rules.
Do one of the following:
If you want to enable test mode for Application Control rules, select the Notify option in the Action drop-down list.
If you want to enable blocking mode for Application Control rules, select the Block option in the Action drop-down list.