Scenario: Application Management

You can manage applications startup on client devices. You can allow or block applications to be run on managed devices. This functionality is realized by Application Control component. You can manage applications installed only on Windows devices.

Prerequisites

Before you start, make sure that the following prerequisites are met:

Stages

Application Control usage scenario proceeds in stages:

  1. Forming and viewing the list of applications on client devices

    This stage helps you find out what applications are installed on managed devices. You can view the list of applications and decide which applications you want to allow and which you want to prohibit, according to your organization's security policies. The restrictions can be related to the information security polices in your organization. You can skip this stage if you know exactly what applications are installed on managed devices.

    How-to instructions: Obtaining and viewing a list of applications installed on client devices

  2. Forming and viewing the list of executable files on client devices

    This stage helps you find out what executable files are found on managed devices. View the list of executable files and compare it with the lists of allowed and prohibited executable files. The restrictions on executable files usage can be related to the information security polices in your organization. You can skip this stage if you know exactly what executable files are installed on managed devices.

    How-to instructions: Obtaining and viewing a list of executable files installed on client devices

  3. Creating application categories for the applications used in your organization

    Analyze the lists of applications and executable files installed on managed devices. Basing on the analysis, create application categories. It is recommended to create a "Work applications" category that covers the standard set of applications that are used at your organization. If different user groups use different sets of applications in their work, a separate application category can be created for each user group.

    Depending the set of criteria to create an application category, you can create application categories of two types.

    How-to instructions: Creating application category with content added manually, Creating application category that includes executable files from selected devices

  4. Configuring Application Control in the Kaspersky Endpoint Security for Windows policy

    Configure the Application Control component in Kaspersky Endpoint Security for Windows policy using the application categories you have created on the previous stage.

    How-to instructions: Configuring Application Control in the Kaspersky Endpoint Security for Windows policy

  5. Turning on Application Control component in test mode

    To ensure that Application Control rules do not block applications required for user's work, it is recommended to enable testing of Application Control rules and analyze their operation after creating new rules. When testing is enabled, Kaspersky Endpoint Security for Windows will not block applications whose startup is forbidden by Application Control rules, but will instead send notifications about their startup to the Administration Server.

    When testing Application Control rules, it is recommended to perform the following actions:

    • Determine the testing period. Testing period can vary from several days to two months.
    • Examine the events resulting from testing the operation of Application Control.

    How-to instructions: Configuring Application Control component in the Kaspersky Endpoint Security for Windows policy. Follow this instruction and enable Test Mode option in configuration process.

  6. Changing the application categories settings of Application Control component

    If necessary, make changes to the Application Control settings. Based on the test results, you can add executable files related to events of the Application Control component to an application category with content added manually.

    How-to instructions: Adding event-related executable files to the application category

  7. Applying the rules of Application Control in operation mode

    After Application Control rules were tested and configuration of application categories is completed, you can apply the rules of Application Control in operation mode.

    How-to instructions: Configuring Application Control component in the Kaspersky Endpoint Security for Windows policy. Follow this instruction and disable Test Mode option in configuration process.

  8. Verifying Application Control configuration

    Make sure of the following:

    • The list of application categories is not empty. View the list of application categories and make sure it contains the categories you have configured.
    • Application Control is configured using created application categories. View the settings of the Kaspersky Endpoint Security for Windows policy and make sure you have configured Application Control in the Application settings → Security Controls → Application Control.
    • The rules of Application Control are applied in operation mode. Check the mode in the Kaspersky Endpoint Security for Windows policy and make sure you have disabled the Test mode in the Application settings → Security Controls Application Control.

Results

When the scenario is complete, applications startup on managed devices is controlled. The users can start only applications that are allowed in your organization and cannot start applications that are prohibited in your organization.

For detailed information about Application Control, refer to the Kaspersky Endpoint Security for Windows Online Help.

Page top