When an application is started on the protected virtual machine for the first time, Application Privilege Control scans the application and places it in one of the trust groups.
At the first stage of the application scan, Application Privilege Control searches the internal database of known applications for a matching entry and then sends a request to the Kaspersky Security Network database (if an Internet connection is available). If the application matches an entry in the Kaspersky Security Network database, the application is assigned to the trust group that is specified in the Kaspersky Security Network database. Each time the application is started, Application Privilege Control sends a new query to the KSN database and places the application into a different trust group if the reputation of the application in the KSN database has changed.
By default, Kaspersky Security uses the heuristic analysis to assign unknown applications (those not included in the KSN database and lacking the signature of a trusted vendor) to trust groups. During heuristic analysis, Kaspersky Security determines the threat level of an application and puts the application into a specific trust group based on that threat level. Instead of using heuristic analysis, you can specify a trust group to which Kaspersky Security automatically assigns all unknown applications.
By default, Application Privilege Control scans an application for 30 seconds. If the threat level of the application has not been determined after this time, Application Privilege Control assigns the application to the Low Restriction group and continues its attempt to determine the threat level of the application in background mode. Application Privilege Control then assigns the application to the appropriate trust group. You can change the amount of time that is allocated for determining the threat level of applications that are started. If you are certain that all applications that are launched on the protected virtual machine do not pose a threat to security, you can reduce the amount of time that is allocated for determining the threat level of applications. If you install applications whose safety is questionable on the protected virtual machine, you are advised to increase the amount of time that is allocated for determining the threat level of applications.
If an application has a high threat level, Kaspersky Security notifies the user, prompting you to choose a trust group to which this application is to be assigned. This notification contains statistics about use of the application by Kaspersky Security Network participants. Based on these statistics and knowing how the application appeared on the virtual machine, you can make an objective choice on which trust group to place the application in.