Configuring Rule Generator for Device Control task

To configure the Rule Generator for Device Control task:

In the Application Console tree, expand the Automated rule generators node.
Select the Rule Generator for Device Control child node.
Click the Properties link in the details pane of the Rule Generator for Device Control node.
The Task settings window opens.
On the General tab, select the task operation mode in the Task mode section:
- Consider system data about all external devices that have ever been connected.
- Consider currently connected external devices only.
In the After task completes section, specify the actions that must be performed by Kaspersky Security for Windows Server upon task completion:
- Add allowing rules to the list of Device Control rules.
  The check box enables or disables adding the newly generated allowing rules to the list of Device Control rules. The list of Device Control rules is displayed when you click the Device Control rules link in the details pane of the Device Control node.
  
  If this check box is selected, Kaspersky Security for Windows Server adds the rules generated by the Rule Generator for Device Control task to the list of Device Control rules based on the selected principle for adding rules.
  
  If this check box is cleared, Kaspersky Security for Windows Server does not add the newly generated allowing rules to the list of Device Control rules. The generated rules are only exported to a file.
  
  The check box is cleared by default.
- Principle of adding.
  This drop-down list is used to specify the method used to add the newly generated allowing rules to the list of Device Control rules.
  - Add to existing rules. The rules are added to the list of existing rules. Rules with identical settings are duplicated.
  - Replace existing rules. The rules replace the existing rules in the list.
  - Merge with existing rules. The rules are added to the list of existing rules. Rules with identical settings are not added; the rule is added if at least one rule parameter is unique.
  By default, the Merge with existing rules method is selected.
- Export allowing rules to file.
  The check box enables or disables export of allowing rules for Device Control to a file.
  
  If the check box is selected, Kaspersky Security for Windows Server exports the allowing rules to the file specified in the field below when the Rule Generator for Device Control task is finished.
  
  If this check box is cleared, the application does not export the generated allowing rules to a file when the Rule Generator for Device Control task is finished. Instead, it only adds them to the list of Device Control rules.
  
  The check box is cleared by default.
- Add computer details to file name.
  The check box enables or disables adding information about the protected device to the name of the file to which the allowing rules will be exported.
  
  If this check box is selected, the application adds the protected device name and the file creation date and time to the name of the export file.
  
  If the check box is cleared, the application does not add information about the protected device to the name of the export file.
  
  The check box is selected by default.
On the Schedule and Advanced tabs, configure the scheduled task start settings.
Click OK in the Task settings window.

Kaspersky Security for Windows Server immediately applies the new settings to the running task. Information about the date and time when the settings were modified, and the values of task settings before and after modification, are saved in the system audit log.

Page top