Creating an application category with content added manually

Expand all | Collapse all

You can specify a set of criteria as a template of executable files for which you want to allow or block a start in your organization. On the basis of executable files corresponding to the criteria, you can create an application category and use it in the Application Control component configuration.

To create an application category with content added manually:

1. In the main menu, go to Operations → Third-party applications → Application categories.

   The page with a list of application categories is displayed.

2. Click the Add button.

   The New category wizard starts. Proceed through the wizard by using the Next button.

3. On the Select category creation method step, specify the application category name and select the Category with content added manually. Data of executable files is manually added to the category option.
4. On the Conditions step, click the Add button to add a condition criterion to include files in the creating category.
5. On the Condition criteria step, select a rule type for the creation of category from the list:
   • From KL category

     If this option is selected, you can specify a Kaspersky application category as the condition of adding applications to the user category. The applications from the specified Kaspersky category will be added to the user application category.

   • Select certificate from repository

     If this option is selected, you can specify certificates from the storage. Executable files that have been signed in accordance with the specified certificates will be added to the user category.

   • Specify path to application (masks supported)

     If this option is selected, you can specify the path to the folder on the client device containing the executable files that are to be added to the user application category.

   • Removable drive

     If this option is selected, you can specify the type of the medium (any drive or removable drive) on which the application is run. Applications that have been run on the selected drive type are added to the user application category.

   • Hash, metadata, or certificate:
     • Select from list of executable files

       If this option is selected, you can use the list of executable files on the client device to select and add applications to the category.

     • Select from applications registry

       If this option is selected, application registry is displayed. You can select an application from the registry and specify the following file metadata:

       • File name.
       • File version. You can specify precise value of the version or describe a condition, for example "greater than 5.0".
       • Application name.
       • Application version. You can specify precise value of the version or describe a condition, for example "greater than 5.0".
       • Vendor.
     • Specify manually

       If this option is selected, you must specify file hash, or metadata, or certificate as the condition of adding applications to the user category.

       File Hash

       Depending on the version of the security application installed on devices on your network, you should select an algorithm for hash value computing by Kaspersky Security Center Linux for files in this category. Information about computed hash values is stored in the Administration Server database. Storage of hash values does not increase the database size significantly.

       SHA256 is a cryptographic hash function: no vulnerabilities have been found in its algorithm, and so it is considered the most reliable cryptographic function nowadays. Kaspersky Endpoint Security for Linux supports SHA256 computing.

       Select either of the options of hash value computing by Kaspersky Security Center Linux for files in the category:

       • If all instances of security applications installed on your network are Kaspersky Endpoint Security for Linux, select the SHA256 check box.
       • Select the MD5 hash check box only if you use Kaspersky Endpoint Security for Windows. Kaspersky Endpoint Security for Linux does not support the MD5 hash function.

       Metadata

       If this option is selected, you can specify file metadata as file name, file version, vendor. The metadata will be sent to Administration Server. Executable files that contain the same metadata will be added to the application category.

       Certificate

       If this option is selected, you can specify certificates from the storage. Executable files that have been signed in accordance with the specified certificates will be added to the user category.

     • From archived folder

       If this option is selected, you can specify a file of an archived folder, and then select which condition you want to use to add applications to the user category. The archived folder is unpacked and the conditions that you select are applied to the files in the folder. As a condition, you can select one of the following criteria:

       • File Hash

         You select which hash function (MD5 or SHA256) you want to use to calculate hash values. The applications that have the same hash value as the files in the archived folder are added to the user application category.

         Select an MD5 hash function only if you use Kaspersky Endpoint Security for Windows. Kaspersky Endpoint Security for Linux does not support the MD5 hash function.

       • Metadata

         You select which metadata you want to use as criteria. Executable files that contain the same metadata will be added to the user application category.

       • Certificate

         You select which certificate properties (certificate subject, fingerprint, or issuer) you want to use as criteria. Executable files that have been signed with the certificates that have the same properties will be added to the user category.

       If this option is selected, you can specify a file of an archived folder, and then select which condition you want to use to add applications to the user category. The archived folder is unpacked and the conditions that you select are applied to the files in the folder. As a condition, you can select one of the following criteria:

       • File Hash

         You select which hash function (MD5 or SHA256) you want to use to calculate hash values. The applications that have the same hash value as the files in the archived folder are added to the user application category.

         Select an MD5 hash function only if you use Kaspersky Endpoint Security for Windows. Kaspersky Endpoint Security for Linux does not support the MD5 hash function.

       • Metadata

         You select which metadata you want to use as criteria. Executable files that contain the same metadata will be added to the user application category.

       • Certificate

         You select which certificate properties (certificate subject, fingerprint, or issuer) you want to use as criteria. Executable files that have been signed with the certificates that have the same properties will be added to the user category.

   The selected criterion is added to the list of conditions.

   You can add as many criteria for the creating application category as you need.

6. On the Exclusions step, click the Add button to add an exclusive condition criterion to exclude files from the category that is being created.
7. On the Condition criteria step, select a rule type from the list, in the same way that you selected a rule type for category creation.

When the wizard finishes, the application category is created. It is displayed in the list of application categories. You can use the created application category when you configure Application Control.

For detailed information about Application Control, refer to the Kaspersky Endpoint Security for Linux Help and Kaspersky Endpoint Security for Windows Help.

See also: Using Application Control to manage executable files

Page top