Application Control

The Application Control component allows you to manage the launch of applications on protected devices. Application Control lowers the risk of device infection by limiting users' access to applications.

Application launching is regulated by Application Control rules.

The Application Control component can apply rules in one of two ways:

• Denylist. Kaspersky Industrial CyberSecurity for Linux Nodes allows all users to launch all applications except those listed in Application Control rules. By default, Application Control uses this method.
• Allowlist. Kaspersky Industrial CyberSecurity for Linux Nodes prohibits all users to launch all applications except those listed in Application Control rules.

If the Application Control rules are created to the fullest extent possible, Kaspersky Industrial CyberSecurity for Linux Nodes blocks the launch of all new applications that are not verified by the administrator of the organization's local network, but ensures the performance of the operating system and verified applications that users need to perform their job duties.

The Kaspersky Security Center administrator or a local user with the admin role assigned in the application can allow or deny process start under the root account using the Application Control.

Application Control is disabled by default. You can enable or disable Application Control, and also configure the component's operation settings:

• Select the way Application Control rules are applied: allowlist or denylist.
• Create Application Control rules.
• Select what Application Control does when an attempt is detected to run an application that matches the rules: block the application or inform about an attempt to run an application that matches the rules.
• Through Kaspersky Security Center, export and import Application Control settings, configured rules, and created application categories on a managed device.

You can get information about applications installed on protected devices using the Inventory task.

Application Control does not control the launch of Snap, Flatpak, or AppImage applications.

The Application Control task does not control the running of scripts from interpreters that are not supported by Kaspersky Industrial CyberSecurity for Linux Nodes, or the running of scripts that are not passed to the interpreter via the command line. Kaspersky Industrial CyberSecurity for Linux Nodes supports the following interpreters: python, perl, bash, ssh.

If the interpreter is allowed to run by the Application Control rules, Kaspersky Industrial CyberSecurity for Linux Nodes does not block the script started from this interpreter. If at least one script specified in the interpreter command line is prohibited from running by the Application Control rules, Kaspersky Industrial CyberSecurity for Linux Nodes blocks all the scripts specified in the interpreter command line. Exclusion: cat script.py | python.

In this Help section About Application Control rules Configuring Application Control in the Web Console Configuring Application Control in the Administration Console Exporting and importing settings and categories via Kaspersky Security Center Configuring Application Control in the command line

Page top