To create optimal Application Control rules, it is recommended to first get a picture of the applications that are used on computers on the corporate LAN. To do this, you can obtain the following information:
Viewing application information
Information about installed applications is provided by Kaspersky Security Center Network Agent. This information is available in the Kaspersky Security Center console, in the Applications registry folder. Network Agent updates the information upon each synchronization with Kaspersky Security Center. For details about information sent by the Network Agent, please refer to the Kaspersky Security Center Help.
To open the application properties window in the Applications registry folder:
Viewing information about executable files
You can reduce the load on the database when querying information about executable files. To achieve this, we recommend running the Inventory task on several reference computers that have your standard set of software installed.
You can get a list of executable files using the Inventory task of Kaspersky Endpoint Security. You can view the list of executable files in the Kaspersky Security Center console, in the Executable files folder.
Before running the Inventory task, make sure that the database satisfies the recommendations of Kaspersky Security Center. For details on database limitations, please refer to the Kaspersky Security Center Help.
How to run the Inventory task in the Administration Console (MMC)
How to run an Inventory task in the Web Console and Cloud Console
Inventory settings
Parameter | Description |
---|---|
Inventory scope | List of objects that will form the inventory scope. |
DLL modules inventory | Kaspersky Endpoint Security looks for DLL modules in the inventory scope and sends information to Kaspersky Security Center. Enabling DLL modules inventory significantly increases the time it takes to complete the Inventory task and the size of the database. |
Script files inventory | Kaspersky Endpoint Security looks for scripts in the inventory scope and sends the information to Kaspersky Security Center. Enabling script files inventory significantly increases the time it takes to complete the Inventory task and the size of the database. |
Run only when the computer is idle | Postponed start of the task when computer resources are busy. Kaspersky Endpoint Security starts the scan task if the computer is locked or if the screen saver is on. If you have interrupted the execution of the task, for example by unlocking the computer, Kaspersky Endpoint Security automatically runs the task, continuing from the point where it was interrupted. This schedule option lets you conserve computer resources when the computer is being used. |
Scan only new and modified files | Scans only new files and those files that have been modified since the last time they were scanned. This helps reduce the duration of a scan. This mode applies both to simple and to compound files. |
Skip file that is scanned for longer than N sec | This sets a time limit for scanning a single object. After the specified amount of time, the application stops scanning a file. This helps reduce the duration of a scan. |
Scan archives | Scanning ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE, and other archives. The application scans archives not only by extension, but also by format. When checking archives, the application performs a recursive unpacking. This allows detection of threats inside multi-level archives (archive within an archive). |
Scan distribution packages | Scanning distribution packages of third-party applications. |
Do not unpack large compound files | If this check box is selected, the application does not scan compound files if their size exceeds the specified value. If this check box is cleared, the application scans compound files of all sizes. The application scans large files that are extracted from archives regardless of whether the check box is selected or not. |

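
To gauge how much the DLL modules inventory and Script files inventory options would add before enabling them, you can count the candidate files in the planned inventory scope on a reference computer. The PowerShell below is an added example, not Kaspersky code and not part of the original page; the extension lists, the sample folders, and the use of last-write time as a stand-in for "new and modified" are assumptions.

```powershell
# Added example: estimates record counts only; it does not call any Kaspersky API.
# Extension lists are assumptions, not the product's own file-type definitions.
$Categories = @{
    Executable = @('.exe', '.com')
    DllModule  = @('.dll')
    Script     = @('.ps1', '.bat', '.cmd', '.vbs', '.js')
}

function Get-InventoryEstimate {
    param(
        [Parameter(Mandatory)] [string[]] $Scope,   # folders planned for "Inventory scope"
        [datetime] $LastRun = [datetime]::MinValue  # time of the previous inventory, if any
    )
    $counts = @{}
    foreach ($name in $Categories.Keys) { $counts[$name] = @{ Total = 0; Changed = 0 } }

    # Unreadable folders are skipped silently so the walk finishes on a live system.
    Get-ChildItem -LiteralPath $Scope -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ext = $_.Extension.ToLowerInvariant()
            foreach ($name in $Categories.Keys) {
                if ($Categories[$name] -contains $ext) {
                    $counts[$name].Total++
                    # Approximation of "Scan only new and modified files".
                    if ($_.LastWriteTime -gt $LastRun) { $counts[$name].Changed++ }
                }
            }
        }

    foreach ($name in 'Executable', 'DllModule', 'Script') {
        [pscustomobject]@{
            Category            = $name
            Total               = $counts[$name].Total
            ChangedSinceLastRun = $counts[$name].Changed
        }
    }
}

# Constructed sample scope; replace with the folders on your reference computer.
Get-InventoryEstimate -Scope 'C:\Program Files', 'C:\Windows\System32' -LastRun (Get-Date).AddDays(-7) |
    Format-Table -AutoSize
```

Comparing the Executable row with the DllModule and Script rows shows roughly how many additional records each option would send to Kaspersky Security Center for that scope.
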
To open the properties window for an executable file in the Executable files folder:
To view general information about the application and its executable files, and the list of computers on which an application is installed, open the properties window of an application that is selected in the Applications registry folder or in the Executable files folder.
Updating the information about installed applications and executable files
Starting with Kaspersky Endpoint Security 12.3 for Windows, the way the Application Control component works with the database of executable files is optimized. Kaspersky Endpoint Security 12.3 for Windows automatically updates the database after a file is deleted from the computer. This keeps the database up to date and saves Kaspersky Security Center resources.
To keep the database of installed applications up to date, the sending of application information to the Administration Server must be enabled (it is enabled by default).
How to enable the submission of application information in Administration Console (MMC)
How to enable the submission of application information in Web Console and Cloud Console