Actions to perform during automatic rule generation
To configure the actions of Kaspersky Security for Windows Server during the running and upon the completion of the Rule Generator for Applications Launch Control task:
Open the Task settings window of the Rule Generator for Applications Launch Control task.
Open the Options tab.
In the While generating allowing rules section, configure the following settings:
If this option is selected, the presence of a digital certificate is specified as a rule-triggering criterion in the settings of the newly generated allowing rules for Applications Launch Control. The application will now allow start of programs launched using files with a digital certificate. We recommend this option if you want to allow the start of any applications that are trusted in the operating system.
The check box enables or disables the use of the subject and thumbprint of the file's digital certificate as a criterion for triggering the allowing rules for Applications Launch Control. Selecting this check box lets you specify stricter digital certificate verification conditions.
If this check box is selected, the subject and thumbprint values of the digital certificate of files for which the rules are generated are set as a criterion for triggering the allowing rules for Applications Launch Control. Kaspersky Security for Windows Server will allow applications that are launched using files with the specified thumbprint and digital certificate.
Selecting this check box highly restricts the triggering of allowing rules based on a digital certificate because a thumbprint is a unique identifier of a digital certificate and cannot be forged.
If this check box is cleared, the existence of any digital certificate that is trusted in the operating system is set as a criterion for triggering the allowing rules for Applications Launch Control.
This check box is active if the Use digital certificate option is selected.
This is a drop-down list that allows you to select the criterion for triggering an allowing rule for Applications Launch Control if the file used to generate the rule, has no digital certificate.
SHA256 hash. The checksum of the file used to generate the rule is set as a criterion for triggering the allowing rule for Applications Launch Control. The application will allow start of programs launched using files with the specified checksum.
path to file. The path to the file used to generate the rule is set as a criterion for triggering the allowing rule for Applications Launch Control. The application will now allow start of programs launched using files located in the folders specified in the Create allowing rules for applications from the folders table in the Settings section.
If this option is selected, the checksum of the file used to generate the rule is specified as a rule-triggering criterion in the settings of the newly generated allowing rules for Applications Launch Control. The application will allow start of programs launched using files with the specified checksum.
We recommend this option for cases when the generated rules must achieve the highest level of security: a SHA256 checksum may be used as a unique file ID. Using a SHA256 checksum as a rule-triggering criterion restricts the rule usage scope to one file.
The check box enables or disables adding the newly generated allowing rules to the list of Applications Launch Control rules. The list of Applications Launch Control rules is displayed when you click the Applications Launch Control rules link in the details pane of the Applications Launch Control node.
If this check box is selected, Kaspersky Security for Windows Server adds the rules generated by the Rule Generator for Applications Launch Control task to the list of Applications Launch Control rules based on the selected principle for adding rules.
If this check box is cleared, Kaspersky Security for Windows Server does not add the newly generated allowing rules to the list of Applications Launch Control rules. The generated rules are only exported to a file.
This drop-down list is used to specify the method used to add the newly generated allowing rules to the list of Applications Launch Control rules.
Add to existing rules. The rules are added to the list of existing rules. Rules with identical settings are duplicated.
Replace existing rules. The rules replace the existing rules in the list.
Merge with existing rules. The rules are added to the list of existing rules. Rules with identical settings are not added; the rule is added if at least one rule parameter is unique.
By default, the Merge with existing rules method is selected.