Creating application categories for Kaspersky Endpoint Security for Windows policies
You can create application categories for Kaspersky Endpoint Security for Windows policies from the Application categories folder and from the Properties window of a Kaspersky Endpoint Security for Windows policy.
To create an application category for a Kaspersky Endpoint Security policy from the Application categories folder:
In the console tree, select Advanced → Application management → Application categories.
In the workspace of the Application categories folder, click the New category button.
The New category wizard starts.
On the Category type page, select the type of user category:
Category with content added manually. Specify the criteria that will be used to assign executable files to the category that is being created.
Category with content added automatically. Specify the folder from which executable files will be automatically assigned to the created category.
When you create a category with content added automatically, the application inventories the following file types: EXE, COM, DLL, SYS, BAT, PS1, CMD, JS, VBS, REG, MSI, MSC, CPL, HTML, HTM, DRV, OCX, and SCR.
Category, which includes executable files from the selected devices. Specify a device whose executable files must be automatically assigned to the category.
Follow the instructions of the wizard.
When the wizard finishes, a custom application category is created. You can view newly created categories by using the list of categories in the workspace of the Application categories folder.
If you want to export an application category to a KLC file, right-click the name of the category, select Export in the menu, and then in the window that opens, specify the file name and click Save.
You can also create an application category from the Policies folder.
To create an application category from the Properties window of a Kaspersky Endpoint Security for Windows policy:
In the console tree, select the Policies folder.
In the workspace of the Policies folder, select a Kaspersky Endpoint Security policy for which you want to create a category.
Right-click and select Properties.
In the Properties window that opens, in the left Sections pane select Security Controls → Application control.
In the Application control section, in the Control mode and Action drop-down lists make selections for the Allowlist or Denylist, and then click the Add button.
The Application Control rule window containing a list of categories opens.
Click the Create new button.
Enter the name of the new category and click OK.
The New category wizard starts.
On the Category type page, select the type of user category:
Category with content added manually. Specify the criteria that will be used to assign executable files to the category that is being created.
Category with content added automatically. Specify the folder from which executable files will be automatically assigned to the created category.
When you create a category with content added automatically, the application inventories the following file types: EXE, COM, DLL, SYS, BAT, PS1, CMD, JS, VBS, REG, MSI, MSC, CPL, HTML, HTM, DRV, OCX, and SCR.
Category, which includes executable files from the selected devices. Specify a device whose executable files must be automatically assigned to the category.
Follow the instructions of the wizard.
When the wizard finishes, a custom application category is created. You can view newly created categories in the list of categories.
Application categories are used by the Application Control component included in Kaspersky Endpoint Security for Windows. Application Control allows the administrator to impose restrictions on the startup of applications on client devices—for example, restricting the startups to applications in a specified category.