Configuring application startup management on client devices

Categorization of applications allows you to optimize management of application runs on devices. You can create an application category and configure Application Control for a policy so only applications from the specified category will be started on devices to which that policy is applied. For example, you have created a category that includes applications named Application_1 and Application_2. After you add this category to a policy, only two applications are allowed to start on devices to which that policy is applied: Application_1 and Application_2. If a user attempts to start an application that has not been included in that category, for example, Application_3, this application is blocked from being started. The user is shown a notification stating that Application_3 is blocked from starting, in accordance with an Application Control rule. You can create a category with content added automatically based on various criteria from a specific folder. In this case, files are automatically added to the category from the specified folder. Executable files of applications are copied to the specified folder and processed automatically; their metrics are added to the category.

To configure the applications run management on client devices:

In the Advanced → Application management folder in the console tree, select the Application categories subfolder.
In the workspace of the Application categories folder, create a category of applications that you want to manage while they are being started.
In the Managed devices folder, on the Policies tab click the New policy button to create a new policy for Kaspersky Endpoint Security for Windows, and follow the instructions of the Wizard.
If such a policy already exists, you can skip this step. You can configure management of the startup of applications in a specified category through the settings of this policy. The newly created policy is displayed in the Managed devices folder on the Policies tab.
Select Properties from the context menu of the policy for Kaspersky Endpoint Security for Windows.
The properties window of the policy for Kaspersky Endpoint Security for Windows opens.
In the properties window of the Kaspersky Endpoint Security for Windows policy, in the Security Controls → Application Control section, select the Application Control check box.
Click the Add button.
The Application Control rule window opens.
In the Application Control rule window, in the Category drop-down list select the application category that the startup rule will cover. Configure the startup rule for the selected application category.
For Kaspersky Endpoint Security 10 Service Pack 2 and later, no categories are displayed if they were created upon the criterion of the MD5 hash of an executable file.

We do not recommend that you add any categories created according to the criterion of the SHA-256 hash of an executable file for versions earlier than Kaspersky Endpoint Security 10 Service Pack 2. This may result in application failures.

Detailed instructions on configuring control rules are provided in the Kaspersky Endpoint Security for Windows Online Help.
Click OK.

Applications will be run on devices included in the specified category according to the rule that you created. The newly created rule is displayed in the properties window of the Kaspersky Endpoint Security for Windows policy, in the Application Control section.