After you configure Application Control in the Kaspersky Endpoint Security for Windows policies, the following events will be displayed in the list of events:
Application startup prohibited (Critical event). This event is displayed if you have configured Application Control to apply rules.
Application startup prohibited in test mode (Info event). This event is displayed if you have configured Application Control to test rules.
Message to administrator about application startup prohibition (Warning event). This event is displayed if you have configured Application Control to apply rules and a user has requested access to the application that is blocked at startup.
It is recommended to create event selections to view events related to Application Control operation.
You can add executable files related to Application Control events to an existing application category or to a new application category. You can add executable files only to an application category with content added manually.
To add executable files related to Application Control events to an application category:
In the main menu, go to MONITORING & REPORTING → EVENT SELECTIONS.
The list of event selections is displayed.
Select the event selection to view events related to Application Control and start this event selection.
If you have not created event selection related to Application Control, you can select and start a predefined selection, for example, Recent events.
The list of events is displayed.
Select the events whose associated executable files you want to add to the application category, and then click the Assign to category button.
The New Category Wizard starts. Proceed through the Wizard by using the Next button.
On the Wizard page, specify the relevant settings:
In the Action on executable file related to the event section, select one of the following options:
Files may be signed with a certificate. Multiple files may be signed with the same certificate. For example, different versions of the same application may be signed with the same certificate, or several different applications from the same vendor may be signed with the same certificate. When you select a certificate, several versions of an application or several applications from the same vendor may end up in the category.
Each file has its own unique SHA256 hash function. When you select an SHA256 hash function, only one corresponding file, for example, the defined application version, ends up in the category.
Select this option if you want to add to the category rules the certificate details of an executable file (or the SHA256 hash function for files without a certificate).
Files may be signed with a certificate. Multiple files may be signed with the same certificate. For example, different versions of the same application may be signed with the same certificate, or several different applications from the same vendor may be signed with the same certificate. When you select a certificate, several versions of an application or several applications from the same vendor may end up in the category.
Select this option if you want to add the certificate details of an executable file to the category rules. If the executable file has no certificate, this file will be skipped. No information about this file will be added to the category.
Each file has its own unique SHA256 hash function. When you select an SHA256 hash function, only one corresponding file, for example, the defined application version, ends up in the category.
Select this option if you want to add only the details of the SHA256 hash function of the executable file.
Each file has its own unique MD5 hash function. When you select an MD5 hash function, only one corresponding file, for example, the defined application version, ends up in the category.
Select this option if you want to add only the details of the MD5 hash function of the executable file. Computing of the MD5 hash function is supported by Kaspersky Endpoint Security 10 Service Pack 1 for Windows and all earlier versions.
Click OK.
When the Wizard finishes, executable files related to the Application Control events are added to the existing application category or to a new application category. You can view settings of the application category that you have modified or created.