Receiving information about the applications that are installed on users' computers

To create optimal Application Control rules, it is recommended to first get a picture of the applications that are used on computers on the corporate LAN. To do this, you can obtain the following information:

Viewing application information

Information about installed applications is provided by Kaspersky Security Center Network Agent and is available in the Kaspersky Security Center console, in the Applications registry folder. Network Agent updates the information upon each synchronization with Kaspersky Security Center. For details about the information sent by Network Agent, please refer to the Kaspersky Security Center Help.

To open the application properties window in the Applications registry folder:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the Administration Console tree, select Advanced → Application management → Applications registry.
  3. Select an application.
  4. In the context menu of the application, select Properties.

Viewing information about executable files

You can reduce the load on the database when querying information about executable files. To achieve this, we recommend running the Inventory task on several reference computers that have your standard set of software installed.

You can get a list of executable files using the Inventory task of Kaspersky Endpoint Security. You can view the list of executable files in the Kaspersky Security Center console, in the Executable files folder.

Before running the Inventory task, make sure that the database satisfies the recommendations of Kaspersky Security Center. For details on database limitations, please refer to the Kaspersky Security Center Help.

How to run the Inventory task in the Administration Console (MMC)

How to run an Inventory task in the Web Console and Cloud Console

Inventory settings

| Parameter | Description |
| --- | --- |
| Inventory scope | List of objects that will form the inventory scope. |
| DLL modules inventory | Kaspersky Endpoint Security looks for DLL modules in the inventory scope and sends information to Kaspersky Security Center. Enabling DLL modules inventory significantly increases the time it takes to complete the Inventory task and the size of the database. |
| Script files inventory | Kaspersky Endpoint Security looks for scripts in the inventory scope and sends the information to Kaspersky Security Center. Enabling script files inventory significantly increases the time it takes to complete the Inventory task and the size of the database. |
| Run only when the computer is idle | Postponed start of the task when computer resources are busy. Kaspersky Endpoint Security starts the scan task if the computer is locked or if the screen saver is on. If you have interrupted the execution of the task, for example by unlocking the computer, Kaspersky Endpoint Security automatically runs the task, continuing from the point where it was interrupted. This schedule option lets you conserve computer resources when the computer is being used. |
| Scan only new and modified files | Scans only new files and those files that have been modified since the last time they were scanned. This helps reduce the duration of a scan. This mode applies both to simple and to compound files. |
| Skip file that is scanned for longer than N sec | This sets a time limit for scanning a single object. After the specified amount of time, the application stops scanning a file. This helps reduce the duration of a scan. |
| Scan archives | Scanning ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE, and other archives. The application scans archives not only by extension, but also by format. When checking archives, the application performs a recursive unpacking. This makes it possible to detect threats inside multi-level archives (archive within an archive). |
| Scan distribution packages | Scanning distribution packages of third-party applications. |
| Do not unpack large compound files | If this check box is selected, the application does not scan compound files if their size exceeds the specified value. If this check box is cleared, the application scans compound files of all sizes. The application scans large files that are extracted from archives regardless of whether the check box is selected or not. |
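Because enabling DLL modules inventory and script files inventory increases the task duration and the database size, it can help to estimate on a reference computer how many files of each kind a planned inventory scope contains before turning those options on. The following Python script is an added example, not Kaspersky code and not a description of how Kaspersky Endpoint Security classifies files; the script extension list, the PE-header check, and the names `classify`, `estimate`, `make_pe` and `demo` are assumptions made for illustration.

```python
import os
import struct
import tempfile
from collections import Counter

SCRIPT_EXTS = {".ps1", ".bat", ".cmd", ".vbs", ".js"}  # assumed list, adjust as needed
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag that marks a DLL

def classify(path):
    """Return 'exe', 'dll', 'script' or None (not counted) for one file."""
    if os.path.splitext(path)[1].lower() in SCRIPT_EXTS:
        return "script"
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return None
            (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew
            f.seek(pe_off)
            hdr = f.read(24)  # "PE\0\0" signature + 20-byte COFF header
    except OSError:
        return None  # unreadable or locked file: skip it
    if len(hdr) < 24 or hdr[:4] != b"PE\0\0":
        return None
    (flags,) = struct.unpack_from("<H", hdr, 22)  # Characteristics field
    return "dll" if flags & IMAGE_FILE_DLL else "exe"

def estimate(scope):
    """Count files per category under the scope directory."""
    kinds = (classify(os.path.join(root, name))
             for root, _dirs, files in os.walk(scope) for name in files)
    return Counter(k for k in kinds if k)

def make_pe(flags):  # constructed minimal PE header (not a loadable image), demo only
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew points to offset 64
    return dos + b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, flags)

def demo():  # builds a constructed sample scope in a temp directory and counts it
    samples = {"app.exe": make_pe(0x0022), "lib.dll": make_pe(0x2022),
               "plugin.bin": make_pe(0x2022), "deploy.ps1": b"Write-Host hi\n",
               "readme.txt": b"plain text\n"}
    with tempfile.TemporaryDirectory() as scope:
        for name, data in samples.items():
            with open(os.path.join(scope, name), "wb") as f:
                f.write(data)
        return dict(estimate(scope))

if __name__ == "__main__":
    print(demo())
```

Calling `estimate()` on a real directory of a reference computer gives the per-category counts; a `dll` or `script` count much larger than the `exe` count indicates how much the corresponding option would add.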

To open the properties window for an executable file in the Executable files folder:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the Administration Console tree, select Advanced → Application management → Executable files.
  3. Select an executable file.
  4. In the context menu of the executable file, select Properties.

To view general information about the application and its executable files, and the list of computers on which an application is installed, open the properties window of an application that is selected in the Applications registry folder or in the Executable files folder.

Updating the information about installed applications and executable files

Starting with Kaspersky Endpoint Security 12.3 for Windows, the way the Application Control component works with the database of executable files is optimized. Kaspersky Endpoint Security 12.3 for Windows automatically updates the database after a file is deleted from the computer. This keeps the database up to date and saves Kaspersky Security Center resources.

To keep the database of installed applications up to date, the sending of application information to the Administration Server must be enabled (it is enabled by default).

How to enable the submission of application information in Administration Console (MMC)

How to enable the submission of application information in Web Console and Cloud Console
