Creating an application category that includes executable files from selected devices

Expand all | Collapse all

You can use executable files from selected devices as a template of executable files that you want to allow or block. Based on executable files from selected devices, you can create an application category and use it in the Application Control component configuration.

To retrieve the list of executable files from devices:

1. Ensure that the policy of Kaspersky Endpoint Security for Windows or Kaspersky Endpoint Security for Linux is created and is active. Enable the Application Control component in the policy.
2. Obtain a list of executable files stored on client devices.

To create application category that includes executable files from selected devices:

1. In the console tree, in the Advanced → Application management folder select the Application categories subfolder.
2. Click the New category button.

   The New category wizard starts. Proceed through the wizard by using the Next button.

3. On the Category type wizard page, select Category that includes executable files from selected devices as the user category type.
4. On the Enter the application category name wizard page, enter the new application category name.
5. On the Settings wizard page, click the Add button.
6. Select a device or devices whose executable files will be used to create the application category.
7. Specify the following settings:
   • Hash value computing algorithm

     Depending on the version of the security application installed on devices on your network, you must select an algorithm for hash value computing by Kaspersky Security Center for files in this category. Information about computed hash values is stored in the Administration Server database. Storage of hash values does not increase the database size significantly.

     SHA256 is a cryptographic hash function: no vulnerabilities have been found in its algorithm, and so it is considered the most reliable cryptographic function nowadays. Kaspersky Endpoint Security 10 Service Pack 2 for Windows and later versions support SHA256 computing. Computing of the MD5 hash function is supported by all versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows.

     Select either of the options of hash value computing by Kaspersky Security Center for files in the category:

     • If all instances of security applications installed on your network are Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions, select the SHA256 check box. We do not recommend that you add any categories created according to the criterion of the SHA256 hash of an executable file for versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows. This may result in failures in the security application operation. In this case, you can use the MD5 cryptographic hash function for files of the category.
     • If any versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows are installed on your network, select the MD5 hash. You cannot add a category that was created based on the criterion of the MD5 checksum of an executable file for Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions. In this case, you can use the SHA256 cryptographic hash function for files of the category.

     If different devices on your network use both earlier and later versions of Kaspersky Endpoint Security 10, select both the SHA256 check box and the MD5 hash check box.

     The Calculate SHA256 for files in this category (supported by Kaspersky Endpoint Security 10 Service Pack 2 for Windows and any later versions) check box is selected by default.

     The Calculate MD5 for files in this category (supported by versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows) is cleared by default.

   • Synchronize data with Administration Server repository

     Select this option if you want that Administration Server periodically to check changes in the specified folder (or folders).

     By default, this option is disabled.

     If you enable this option, specify the period (in hours) to check changes in the specified folder (folders). By default, scan interval is 24 hours.

8. On the Filter wizard page, specify the following settings:
   • File type

     In this section, you can specify file type that is used to create the application category.

     All files. All files are taken into consideration when creating the category. By default, this option is selected.

     Only files outside the application categories. Only files outside the application categories are taken into consideration when creating the category.

   • Folders

     In this section you can specify which folders from the selected device (devices) contain files that are used to create the application category.

     All folders. All folders are taken into consideration for the creating category. By default, this option is selected.

     Specified folder. Only specified folder is taken into consideration for the creating category. If you select this option you must specify path to the folder.

9. On the Creating the application category wizard page, click the Finish button.

When the wizard has completed, a user application category is created. You can view the newly created category using the list of categories in the workspace of the Application categories folder.

Page top