Application Control

for Windows and Linux

Application Control manages the startup of applications on users' computers. This allows you to implement a corporate security policy when using applications. Application Control also reduces the risk of computer infection by restricting access to applications.

The Application Control component uses rules to regulate the launch of applications on protected devices. The administrator creates Application Control rules in the policy for the administration group. A rule contains conditions and actions that the Application Control component performs when a rule triggers:

The administrator can create many rules. One application may match the criteria of multiple rules. The priority of a block rule is higher than the priority of an allow rule. Kaspersky Endpoint Security checks if an application matches a rule each time it is started. Kaspersky Endpoint Security sequentially matches the application against all Application Control rules.

Application Control settings

Settings

OS

Description

Message templates

Windows

Message to user. Template of the message that is displayed when an Application Control rule that blocks an application from starting is triggered.

Message to administrator. Template of the message that a user can send to the corporate LAN administrator if the user believes that an application was blocked by mistake.

Operating mode

Windows

Linux

You can choose one of the following options:

  • Allow all except the rules list. If this option is selected, Application Control allows all users to start any application except applications prohibited by Application Control block rules.
  • Block all except the rules list. If this option is selected, Application Control blocks all users from starting any application except applications permitted by Application Control allow rules.

Action on starting applications

Windows

Linux

  • Apply rules. Kaspersky Endpoint Security manages the startup of applications according to the selected mode.
  • Inform. Kaspersky Endpoint Security informs about the attempt to run an application.

Add policy rules to local rules

Linux

If this item is selected, the application applies rules configured in the policy together with local rules configured on the protected device.

Use strict digital signature verification

Windows

You can select a certificate as a triggering condition for an Application Control rule.

If this check box is selected, Kaspersky Endpoint Security applies rules to applications signed with certificates only from the trusted system certificate store. Applications signed with such a certificate are also considered trusted by the protection components, for example, the Malware Scan task. However, if you specify a certificate from a different store in an Application Control rule, Kaspersky Endpoint Security does not apply such a rule.

If the check box is cleared, Kaspersky Endpoint Security applies rules to applications signed by a certificate from the Windows Trusted Root Certificate Store. Such applications are not part of the trusted zone. Protection components monitor the activity of such applications.

Monitor loading of DLL modules

Windows

If the check box is selected, Kaspersky Endpoint Security controls the loading of DLL modules when users attempt to start applications. Information about the DLL module and the application that loaded this DLL module is logged in the report.

When enabling control over the loading of DLL modules and drivers, make sure that one of the following rules is enabled in the Application Control settings: the default Golden Image rule or another rule that contains the "Golden Image\Trusted Certificates" KL category and ensures that trusted DLL modules and drivers are loaded before Kaspersky Endpoint Security is started. Enabling control of the loading of DLL modules and drivers when the Golden Image rule is disabled may cause instability in the operating system.

Kaspersky Endpoint Security monitors only the DLL modules and drivers that have been loaded since the check box was selected. After selecting the check box, it is recommended to restart the computer to ensure that the application monitors all DLL modules and drivers, including those loaded before Kaspersky Endpoint Security starts.

Rules

Windows

Linux

Application Control rules that Kaspersky Endpoint Security uses to control application launch on protected devices.

For each Application Control mode, you can add up to five rules.

Trusted Updaters

Windows

If this check box is selected, Kaspersky Endpoint Security considers the applications included in the rule as Trusted Updaters. Kaspersky Endpoint Security allows such applications to create and run new executable files.
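
The rule precedence, operating modes and actions described on this page, modelled in Python so that a rule set can be checked against an application inventory before the action is changed from Inform to Apply rules. This is an added example, not Kaspersky code or the product's rule format: the Rule fields, the mode and action strings and the sample paths are assumptions, as is the reading that Inform reports a verdict without stopping the launch.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Hypothetical rule model for illustration; not Kaspersky's rule format or engine.
@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "block"
    path_glob: str = "*"           # assumed condition: executable path pattern
    signer: Optional[str] = None   # assumed condition: signing certificate subject

    def matches(self, app: dict) -> bool:
        if not fnmatchcase(app["path"].lower(), self.path_glob.lower()):
            return False
        return self.signer is None or app.get("signer") == self.signer

def evaluate(app, rules, mode, action="apply"):
    """Return (launch_permitted, verdict, names_of_deciding_rules)."""
    hits = [r for r in rules if r.matches(app)]      # check against all rules
    blocks = [r.name for r in hits if r.action == "block"]
    allows = [r.name for r in hits if r.action == "allow"]
    if blocks:                                       # block outranks allow
        verdict, decided_by = "block", blocks
    elif allows:
        verdict, decided_by = "allow", allows
    else:                                            # no match: the mode decides
        verdict = "allow" if mode == "allow_all_except" else "block"
        decided_by = []
    # Assumption: Inform only reports the verdict and does not stop the launch.
    permitted = verdict == "allow" or action == "inform"
    return permitted, verdict, decided_by

def would_block(apps, rules, mode):
    """Paths that would stop launching once the action is Apply rules."""
    return [a["path"] for a in apps if evaluate(a, rules, mode)[1] == "block"]

# Constructed sample rules and application inventory.
RULES = [
    Rule("allow-vendor-signed", "allow", signer="Example Corp"),
    Rule("allow-program-files", "allow", r"c:\program files\*"),
    Rule("block-user-temp", "block", r"c:\users\*\appdata\local\temp\*"),
]
APPS = [
    {"path": r"C:\Program Files\Editor\editor.exe", "signer": "Example Corp"},
    {"path": r"C:\Users\ann\AppData\Local\Temp\setup.exe", "signer": "Example Corp"},
    {"path": r"C:\Tools\portable.exe", "signer": None},
]
```

The second sample application is signed by the allowed vendor but still ends up blocked, because the block rule on the temporary folder outranks the allow rule.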
