The Kaspersky Security functionality described in this section is available on virtual machines running Windows desktop operating systems. If the application is installed on a virtual machine running a Windows server operating system, this functionality is available only if you are using the application under an enterprise license.
The Application Startup Control monitors attempts to start applications on the virtual machine and regulates the startup of applications by means of Application Startup Control rules.
Application Startup Control can operate in two modes:
This mode of Application Startup Control is enabled by default.
For each Application Startup Control mode, you can create separate rules and select the action that Application Startup Control must take when there is an attempt to start an application that is not allowed by the rule: inform about the startup of the application or block the startup of the application.
If a virtual machine user believes that the startup of an application was blocked by mistake, the user can send a complaint to the corporate LAN administrator by clicking the link in the block notification text. Special templates are available for the message that is displayed when an application is blocked from starting, and for the complaint to the administrator regarding an application that was blocked by mistake. You can modify the message templates.
All attempts to start applications that are not allowed by Application Startup Control rules on a protected virtual machine are recorded in reports.
Application Startup Control component is disabled by default, you can enable Application Startup Control if necessary.
If you use Kaspersky Security to protect the virtual infrastructure based on Citrix Virtual Apps and Desktops (Citrix XenApp and XenDesktop) and plan to use Citrix App Layers to store user data, Application Startup Control may block interaction between Citrix Virtual Apps and Desktops and Citrix App Layer. If you want to use Application Startup Control in the Allowlist of applications mode, create an allow rule for the LayerInfo.exe file. To do this, create a manually updatable application category, add the c:\program files\unidesk\layering services\LayerInfo.exe path to it and create an allow rule based on this category.
Application Startup Control is configured in Kaspersky Security Center. You can perform the following actions for configuring Application Startup Control in Kaspersky Security Center:
This section describes how to configure Application Startup Control settings using the Administration Console and the Light Agent for Windows local interface. You can also configure Application Startup Control settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Endpoint control → Application Startup Control).