Application rules / Group rules

File

(only in the Application rules window)

Reference information about an application and about the application's executable file. Kaspersky Internet Security receives information about an application from the application's executable file and from Kaspersky Security Network.

Files and system registry

Rules for accessing system registry keys and files related to operation of the operating system or to your personal data.

The individual access settings for read, write, create, and delete operations can be defined independently by using the menu in the cells of the corresponding table columns. The menu items are described in the Application Control rules section.

Rights

Rights to access operating system resources and processes, and startup rights. You can set access rights by using the menu in the cells of the Action column. The menu items are described in the Application Control rules section.

Network rules

Rules applied by Kaspersky Internet Security to regulate the network activity of an application or application group.

By default, the list displays the predefined application network rules that are recommended by Kaspersky experts. You cannot delete or edit predefined network rules (except changing the action in the Permission column; please refer to the description of available actions in the Application Control rules section).

When adding or editing a rule, you can define the following settings:

• Action:
  • Allow. Kaspersky Internet Security allows the network connection.
  • Block. Kaspersky Internet Security blocks the network connection.
  • Ask user. If the Perform recommended actions automatically check box is cleared under Settings → General, Kaspersky Internet Security asks the user to decide whether or not to allow or deny the network connection. If the check box is selected, the action is chosen automatically. You can follow the footnote in the application window to read about exactly which action will be selected.
• Name.
• Direction:
  • Inbound. Kaspersky Internet Security applies the rule to network connections opened by a remote computer.
  • Outbound. Kaspersky Internet Security applies the rule to the network connection that was opened by your computer.
  • Inbound/Outbound. Kaspersky Internet Security applies the rule both to inbound and outbound data packets or streams, regardless of which computer (your computer or a remote computer) initiated the network connection.
• Protocol.
• ICMP settings. You can specify the type and code of data packets to be scanned. The settings section is available if the ICMP or ICMPv6 protocols are selected.
• Remote ports (ports of a remote computer).
• Local ports (ports of your computer).

You can specify a range of remote or local ports (for example, 6660–7000), list multiple ports separated by commas, or combine both methods (for example, 80–83,443,1080).

• Address:
  • Any address.
  • Subnet addresses. Kaspersky Internet Security will apply the rule to IP addresses of all networks that are currently connected and are of the specified type (Public, Local or Trusted). The network type can be selected from the drop-down list that is displayed below if the Subnet addresses option is selected.
  • Addresses from the list. Kaspersky Internet Security applies the rule to IP addresses within the specified range. You can specify IP addresses in the Remote addresses field, which is displayed below if the Addresses from the list option is selected.
• Network adapters traversed by network packets.
• Use of TTL. Kaspersky Internet Security controls the transmission of network packets whose time to live (TTL) does not exceed the specified value.
• Logging events to a Kaspersky Internet Security report.

To quickly add a rule, you can select one of the predefined templates in the drop-down list in the lower part of the window.

Exclusions

(only in the Application rules window)

You can select rules that will be used by Kaspersky Internet Security to exclude an application from scans:

• Do not scan opened files.
• Do not monitor application activity. Application Control does not monitor any application activity.
• Do not inherit restrictions from the (application’s) parent process If restrictions of a parent process or application are not inherited, application activity is monitored according to your defined rules or according to the rules of the trust group to which the application belongs.
• Do not monitor the activity of child applications.
• Do not block interaction with the Kaspersky Internet Security interface. The application is allowed to manage Kaspersky Internet Security by using the Kaspersky Internet Security graphical interface. You may need to allow the application to manage the interface of Kaspersky Internet Security when using a remote desktop connection application or an application supporting the operation of a data input device. Examples of such devices include touch pads and graphic tablets.
• Do not scan all traffic (or encrypted traffic). Depending on the selected option (Do not scan all traffic or Do not scan encrypted traffic), Kaspersky Internet Security excludes all network traffic of the application or traffic transmitted over SSL from being scanned. The value of this setting does not affect Firewall operation: Firewall scans application traffic in accordance with Firewall settings. Exclusions affect Mail Anti-Virus, Web Anti-Virus, and Anti-Spam. You can specify the IP addresses or network ports to which the traffic control restriction must apply.

History

(only in the Application rules window)

Reference information about actions taken on the application, such as starting the application or assigning a trust group.

Kaspersky Internet Security assigns trust groups to all applications started on a computer depending on the level of danger that these applications pose to the system.

The trust groups are as follows:

• Trusted. This group is for applications that have a digital signature from trusted vendors, and applications that have a record in the database of trusted applications. These applications are not restricted from any activity in the system. Activity of these applications is monitored by Proactive Defense and File Anti-Virus.
• Low Restricted. This group is for applications that do not have a digital signature from trusted vendors or corresponding records in the database of trusted applications but pose a low level of threat (based on Kaspersky Security Network data). They are allowed to perform specific operations, such as access to other processes, management of the system, and hidden network access. User permission is required for most operations.
• High Restricted. This group is for applications that do not have a digital signature or records in the database of trusted applications. These applications pose a medium level of threat. Applications in this group require user permission to perform most operations in the system.
• Untrusted. This group is for applications that do not have a digital signature or records in the database of trusted applications. These applications have a high threat level. Kaspersky Internet Security blocks all activity of these applications.