About the Applications Launch Control task

When running the Applications Launch Control task, Kaspersky Security for Windows Server monitors user's attempts to start applications and allows or denies start of these applications. The Applications Launch Control task relies on the Default Deny principle, which means that any applications that are not allowed in the task settings will be blocked automatically.

You can allow applications to start using one of the following methods:

• Set allowing rules for trusted applications.
• Check trusted applications reputation in KSN on launch.

The task gives top priority to denying the start of applications. For example, if an application is prevented from starting by one of the blocking rules, the application start will be denied regardless of the trusted conclusion for KSN. At that, if the application is not trusted by the KSN services but is included in the scope of an allowing rule, the application start will be denied.

All attempts to start applications are recorded in the task log.

The Applications Launch Control task can operate in one of two modes:

• Active. Kaspersky Security for Windows Server uses a set of rules to control the start of applications that fall within the scope of the Applications Launch Control rules. The scope of the Applications Launch Control rules is specified in the settings of this task. If an application falls within the scope of the Applications Launch Control rules, and the task settings do not satisfy any specified rule, the application launch will be denied.

  Launches of applications that do not fall within the scope of any rule specified in the Applications Launch Control task settings are denied regardless of the Applications Launch Control task settings.

  The Applications Launch Control task cannot be started in Active mode if no rules have been created or if there are more than 65,535 rules for one protected device.

• Statistics only. Kaspersky Security for Windows Server does not use Applications Launch Control rules to allow or deny the start of applications. Instead, it only records information about application starts, rules satisfied by running applications, and actions that would have been performed if the task was running in Active mode. All applications are allowed to start. This mode is set by default.

  You can use this mode to create Applications Launch Control rules based on information recorded in the task log.

You can configure the Applications Launch Control task according to one of the following scenarios:

• Advanced rule configuration and usage for Application Launch Control.
• Basic rules configuration and KSN usage for Application Launch Control.

If operating system files fall within the scope of the Applications Launch Control task, we recommend that when creating Applications Launch Control rules you make sure that such applications are allowed by the newly created rules. Otherwise, the operating system may fail to start.

Kaspersky Security for Windows Server also intercepts processes launched under the Windows Subsystem for Linux (except for scripts run from the UNIX™ shell, or command line interpreters). For such processes, the Applications Launch Control task applies the action defined by the current configuration. The Rule Generator for Applications Launch Control task detects application launches and generates corresponding rules for applications running under the Windows Subsystem for Linux.

Page top