Configuring white list mode

When configuring white list mode, it is recommended to perform the following actions:

1. Create application categories containing the applications that must be allowed to start.

   You can select one of the following methods for creating application categories:

   • Category with content added manually (Step 3. Configuring the conditions for including applications in a category, Step 4. Configuring the conditions for excluding applications from a category). You can manually add to this category by using the following conditions:
     • File metadata. If this condition is used, Kaspersky Security Center adds all executable files accompanied by the specified metadata to the application category.
     • File hash code. If this condition is used, Kaspersky Security Center adds all executable files with the specified hash to the application category.

       Use of this condition excludes the capability to automatically install updates because different versions of files will have a different hash.

     • File certificate. If this condition is used, Kaspersky Security Center adds all executable files signed with the specified certificate to the application category.
     • KL category. If this condition is used, Kaspersky Security Center adds all applications that are in the specified KL category to the application category.
     • Application folder. If this condition is used, Kaspersky Security Center adds all executable files from this folder to the application category.

     Use of the Application folder condition may be unsafe because any application from the specified folder will be allowed to start. It is recommended to apply rules that use the application categories with the Application folder condition only to those users for whom the automatic installation of updates must be allowed.

   You can also add executable files from the Executable files folder to an application category with content added manually.

   • Category with content added automatically. You can specify a folder from which executable files will be automatically assigned to the created application category.
   • Category which includes executable files from selected devices. You can specify a computer for which all executable files will be automatically assigned to the created application category.

     When using this method of creating application categories, Kaspersky Security Center receives information about applications on the computer from a list of executable files.

2. Select white list mode for the Application Control component.
3. Create Application Control rules using the created application categories.

   The initially defined rules for white list mode are the Golden Image rule, which allows the startup of applications that are included in the Golden Image KL category, and the Trusted Updaters rule, which allows the startup of applications that are included in the Trusted Updaters KL category. The "Golden Image" KL category includes programs that ensure normal operation of the operating system. The "Trusted Updaters" KL category includes updaters for the most reputable software vendors. You cannot delete these rules. The settings of these rules cannot be edited. By default, the Golden Image rule is enabled, and the Trusted Updaters rule is disabled. All users are allowed to start applications that match the trigger conditions of these rules.

4. Determine the applications for which automatic installation of updates must be allowed.

   You can allow automatic installation of updates in one of the following ways:

   • Specify an extended list of allowed applications by allowing the startup of all applications that belong to any KL category.
   • Specify an extended list of allowed applications by allowing the startup of all applications that are signed with certificates.

     To allow the startup of all applications signed with certificates, you can create a category with a certificate-based condition that uses only the Subject parameter with the value *.

   • For the Application control rule, select the Trusted Updaters parameter. If this check box is selected, Kaspersky Endpoint Security considers the applications that belong to the category specified in the application category rule as Trusted Updaters. Kaspersky Endpoint Security allows the startup of applications that have been installed or updated by applications specified in the category rule, if no block rules apply to them.
   • Create an allow rule using an application category based on the Application folder condition. When this method is used, all executable files within the specified folder will be added to the application category.

     Use of the Application folder condition may be unsafe because any application from the specified folder will be allowed to start. It is recommended to apply rules that use the application categories with the Application folder condition only to those users for whom the automatic installation of updates must be allowed.

Page top