Changing application control rules for trust groups and groups of applications
The optimal application control rules for different trust groups are created by default. The settings of rules for application group control inherit values from the settings of trust group application control rules. You can change predefined application control rules for trust groups and groups of applications.
To change the application control rules for a trust group or an application group in Kaspersky Security Center:
Open Kaspersky Security Center Administration Console.
In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
In the workspace, select the Policies tab.
Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
In the policy properties window, select the Application Privilege Control section in the list on the left.
In the right part of the window, in the Application rules section, click the Settings button located in the upper part of the section.
In the Applications window that opens, on the Application Privilege Control rules tab, in the list of applications, select the trust group or application group for which you want to change an application control rule.
Click the Edit button or open the context menu and select the Group rules item.
In the Application group control rule window that opens, perform one of the following actions:
To edit trust group control rules or rules for application group control that govern the rights of the trust group or application group to access the operating system registry, user files, and application settings, select the Files and system registry tab.
To edit trust group control rules or rules for application group control that govern the rights of the trust group or application group to access operating system processes and objects, select the Rights tab.
For the relevant resource, in the column of the corresponding action, open the context menu and select the necessary item:
Inherit.
Allow.
Block.
Log events.
If you are editing trust group control rules, the Inherit item is not available.
In the Application group control rules window, click OK.
In the Applications window, click OK.
Click the Apply button.
To change application control rules for a trust group or an application group in the local interface:
In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
Click the Applications button.
The Applications window opens on the Application Privilege Control rules tab.