Application Сontrol

The Application Control component allows you to manage the launch of applications on protected devices. Application Control lowers the risk of device infection by limiting users' access to applications.

To use the component, a license that includes the corresponding function is required.

This feature is not supported in the KESL container.

Application launching is regulated by Application Control rules.

The Application Control component can operate in one of two modes:

• Denylist. In this mode Kaspersky Endpoint Security allows all users to launch any applications that are not specified in the Application Control rules. By default, the Application Control component operates in this mode.
• Allowlist. In this mode Kaspersky Endpoint Security prevents all users from launching any applications that are not specified in the Application Control rules.

If the Application Control rules are created to the fullest extent possible, Kaspersky Endpoint Security prohibits the launching of all new applications that are not verified by the administrator of the organization's local network, but ensures the performance of the operating system and verified applications that users need to perform their job duties.

The Kaspersky Security Center administrator or a local user with the admin role assigned in the application can allow or deny process start under the root account using the Application Control.

Application Control is disabled by default. You can enable or disable Application Control, and also configure the component's operation settings:

• Select the Application Control mode: allowlist or denylist.
• Create Application Control rules for each of the modes.
• Select the action that Kaspersky Endpoint Security will perform upon detecting an attempt to start an application that matches the rules: apply the rules or test rules and notify about an attempt to start an application that matches the rules.

You can receive information about applications installed on protected devices using the Inventory task.

The Application Control task does not control the launching of scripts from interpreters that are not supported by Kaspersky Endpoint Security, or the launching of scripts that are not passed to the interpreter via the command line. Kaspersky Endpoint Security supports the following interpreters: python, perl, bash, ssh.

If the interpreter is allowed to launch by the Application Control rules, Kaspersky Endpoint Security does not block the script launched from this interpreter. If the launch of at least one script specified in the interpreter command line is prohibited by the Application Control rules, Kaspersky Endpoint Security blocks all the scripts specified in the interpreter command line. Exclusion: cat script.py | python.