If this option is selected, the presence of a digital certificate is specified as a rule-triggering criterion in the settings of the newly generated allowing rules for Applications Launch Control. The application will now allow start of programs launched using files with a digital certificate. We recommend this option if you want to allow the start of any applications that are trusted in the operating system.
The check box enables or disables the use of the subject and thumbprint of the file's digital certificate as a criterion for triggering the allowing rules for Applications Launch Control. Selecting this check box lets you specify stricter digital certificate verification conditions.
If this check box is selected, the subject and thumbprint values of the digital certificate of files for which the rules are generated are set as a criterion for triggering the allowing rules for Applications Launch Control. Kaspersky Security for Windows Server will allow applications that are launched using files with the specified thumbprint and digital certificate.
Selecting this check box highly restricts the triggering of allowing rules based on a digital certificate because a thumbprint is a unique identifier of a digital certificate and cannot be forged.
If this check box is cleared, the existence of any digital certificate that is trusted in the operating system is set as a criterion for triggering the allowing rules for Applications Launch Control.
This check box is active if the Use digital certificate option is selected.
This is a drop-down list that allows you to select the criterion for triggering an allowing rule for Applications Launch Control if the file used to generate the rule, has no digital certificate.
SHA256 hash. The checksum of the file used to generate the rule is set as a criterion for triggering the allowing rule for Applications Launch Control. The application will allow start of programs launched using files with the specified checksum.
path to file. The path to the file used to generate the rule is set as a criterion for triggering the allowing rule for Applications Launch Control. The application will now allow start of programs launched using files located in the folders specified in the Create allowing rules for applications from the folders table in the Settings section.
If this option is selected, the checksum of the file used to generate the rule is specified as a rule-triggering criterion in the settings of the newly generated allowing rules for Applications Launch Control. The application will allow start of programs launched using files with the specified checksum.
We recommend this option for cases when the generated rules must achieve the highest level of security: a SHA256 checksum may be used as a unique file ID. Using a SHA256 checksum as a rule-triggering criterion restricts the rule usage scope to one file.