By default, the Applications Launch Control task has the settings described in the table below. You can change the values of these settings.
Default Applications Launch Control task settings
Setting |
Default value |
Description |
---|---|---|
Task mode |
Statistics only. The task records denied launch events and allowed launch events based on the set rules. Application launch is not actually denied. |
You can select Active mode after the final list of rules is generated. |
Repeat action taken for the first file launch on all the subsequent launches for this file |
Not applied |
You can repeat actions taken for the first file launch on all the subsequent launches for this file. |
Deny the command interpreters launch with no command to execute |
Not applied. |
You can deny launch of command interpreters with no command to execute. |
Rules managing |
Add policy rules to the local rules |
You can select a mode in which rules specified in a policy are applied together with the rules on the protected device. |
Rule usage scope |
The task controls the launch of executable files, scripts, and MSI packages.The task also monitors loading of DLL modules. |
You can specify the file types for which launch is controlled by rules. |
KSN Usage |
KSN application reputation data is not used. |
You can use KSN application reputation data when running the Applications Launch Control task. |
Automatically allow software distribution via applications and packages listed |
Not applied. |
You can allow software distribution using the installers and applications specified in the settings. By default, software distribution is only allowed using the Windows Installer service. |
Always allow software distribution via Windows Installer |
Applied (can be changed only when the Automatically allow software distribution via applications and packages listed setting is enabled). |
You can allow any software installation or update if the operations are performed via Windows Installer. |
Always allow software distribution via SCCM using the Background Intelligent Transfer Service |
Not applied (can be changed only when the Automatically allow software distribution via applications and packages listed setting is enabled). |
You can turn on or off automatic software distribution using the System Center Configuration Manager. |
Task start |
First run is not scheduled. |
The Applications Launch Control task does not start automatically at start of Kaspersky Industrial CyberSecurity for Nodes. You can start the task manually or configure a scheduled start. |
Rule Generator for Applications Launch Control task default settings
Setting |
Default Value |
Description |
---|---|---|
Prefix for allowing rules names |
Identical to the name of the protected device on which Kaspersky Industrial CyberSecurity for Nodes is installed. |
You can change the prefix for names of allowing rules. |
Allowing rules usage scope |
The scope of allowing rules includes the following file categories by default:
|
You can change the protection scope by adding or removing folder paths and specifying the types of files that will be allowed to launch by the automatically generated rules. You can also ignore running applications when creating allowing rules. |
Criteria for generation of allowing rules |
The digital certificate subject and thumbprint are used; rules are generated for all users and groups of users. |
You can use the SHA256 hash when generating allowing rules. You can select a user and group of users for which allowing rules need to be automatically generated. |
Actions upon task completion |
Allowing rules are added to the list of Applications Launch Control rules; new rules are merged with existing rules; duplicate rules are removed. |
You can add rules to the existing rules without merging them and without deleting duplicate rules, or replace existing rules with the new allowing rules, or configure export of the allowing rules to a file. |
Task launch settings with permissions |
The task is started under a system account. |
You can allow the Rule Generator for Applications Launch Control task to start under a system account or using the permissions of a specified user. |
Task start schedule |
First run is not scheduled. |
The Rule Generator for Applications Launch Control task does not start automatically when Kaspersky Industrial CyberSecurity for Nodes starts. You can start the task manually or configure a scheduled start. |