When running the Applications Launch Control task, Kaspersky Security for Windows Server monitors user's attempts to start applications and allows or denies start of these applications. The Applications Launch Control task relies on the Default Deny principle, which means that any applications that are not allowed in the task settings will be blocked automatically.
You can allow applications to start using one of the following methods:
The task gives top priority to denying the start of applications. For example, if an application is prevented from starting by one of the blocking rules, the application start will be denied regardless of the trusted conclusion for KSN. At that, if the application is not trusted by the KSN services but is included in the scope of an allowing rule, the application start will be denied.
All attempts to start applications are recorded in the task log.
The Applications Launch Control task can operate in one of two modes:
Launches of applications that do not fall within the scope of any rule specified in the Applications Launch Control task settings are denied regardless of the Applications Launch Control task settings.
The Applications Launch Control task cannot be started in Active mode if no rules have been created or if there are more than 65,535 rules for one protected device.
You can use this mode to create Applications Launch Control rules based on information recorded in the task log.
You can configure the Applications Launch Control task according to one of the following scenarios:
If operating system files fall within the scope of the Applications Launch Control task, we recommend that when creating Applications Launch Control rules you make sure that such applications are allowed by the newly created rules. Otherwise, the operating system may fail to start.
Kaspersky Security for Windows Server also intercepts processes launched under the Windows Subsystem for Linux (except for scripts run from the UNIX™ shell, or command line interpreters). For such processes, the Applications Launch Control task applies the action defined by the current configuration. The Rule Generator for Applications Launch Control task detects application launches and generates corresponding rules for applications running under the Windows Subsystem for Linux.
Page top