Creating rules using the Rule Generator for Device Control task

To specify allowing device control rules for a group of protected devices using the Rule Generator for Device Control task:

1. Open the Settings window in the New Task Wizard.
2. Configure the following:
   • In the Mode section:
     • Consider system data about all external devices that have ever been connected.
     • Consider currently connected external devices only.
   • In the After task completes section:
     • Add allowing rules to the list of Device Control rules.
       

       The check box enables or disables adding the newly generated allowing rules to the list of Device Control rules. The list of Device Control rules is displayed when you click the Device Control rules link in the details pane of the Device Control node.

       If this check box is selected, Kaspersky Security for Windows Server adds the rules generated by the Rule Generator for Device Control task to the list of Device Control rules based on the selected principle for adding rules.

       If this check box is cleared, Kaspersky Security for Windows Server does not add the newly generated allowing rules to the list of Device Control rules. The generated rules are only exported to a file.

       The check box is cleared by default.

     • Principle of adding.
       

       This drop-down list is used to specify the method used to add the newly generated allowing rules to the list of Applications Launch Control rules.

       • Add to existing rules. The rules are added to the list of existing rules. Rules with identical settings are duplicated.
       • Replace existing rules. The rules replace the existing rules in the list.
       • Merge with existing rules. The rules are added to the list of existing rules. Rules with identical settings are not added; the rule is added if at least one rule parameter is unique.

       By default, the Merge with existing rules method is selected.

     • Export allowing rules to file.
       

       The check box enables or disables export of allowing rules for Device Control to a file.

       If the check box is selected, Kaspersky Security for Windows Server exports the allowing rules to the file specified in the field below when the Rule Generator for Device Control task is finished.

       If this check box is cleared, the application does not export the generated allowing rules to a file when the Rule Generator for Device Control task is finished. Instead, it only adds them to the list of Device Control rules.

       The check box is cleared by default.

     • Add computer details to file name.
       

       The check box enables or disables adding information about the protected device to the name of the file to which the allowing rules will be exported.

       If this check box is selected, the application adds the protected device name and the file creation date and time to the name of the export file.

       If the check box is cleared, the application does not add information about the protected device to the name of the export file.

       The check box is selected by default.

3. Click Next.
4. In the Schedule window, set the scheduled task start settings.
5. Click Next.
6. In the Selecting an account to run the task window, specify the account you want to use.
7. Click Next.
8. Specify a task name.
9. Click Next.

   The task name should be no longer than 100 characters and cannot contain the following symbols: " * < > & \ : |

   The Finish creating the task window opens.

10. You can optionally run the task after the Wizard finishes by selecting the Run task after Wizard finishes check box.
11. Click Finish to finish creating the task.
12. On the Tasks tab on the workspace of the group of protected devices being configured, in the list of group tasks select the Rule Generator for Device Control you have created.
13. Click the Start button to start the task.

    When the task is completed, automatically generated lists of allowing rules are saved in a shared folder in XML files.

    Before using the Device Control policy in the network, make certain that all protected devices have access to a shared network folder. If the organization’s policy does not provide for the use of a shared network folder in the network, it is recommended to start the Rule Generator for Device Control task for protected device control rules on the test protected device group or on a template machine.

Page top