Application Control task settings

The table describes all available values and the default values of all the settings that you can specify for the Application Control task.

Application Control task settings

Setting

Description

Values

AppControlMode

Application Control task operation mode.

AllowList – Kaspersky Industrial CyberSecurity for Linux Nodes prevents users from launching any applications that are not specified in the application control rules.

DenyList (default value) – Kaspersky Industrial CyberSecurity for Linux Nodes allows users to launch any applications that are not specified in the application control rules.

AppControlRulesAction

Action performed by Kaspersky Industrial CyberSecurity for Linux Nodes when a user attempts to launch an application prohibited by the application control rules.

ApplyRules – Kaspersky Industrial CyberSecurity for Linux Nodes applies Application Control rules and performs the action specified in the rules.

TestRules (default value) – Kaspersky Industrial CyberSecurity for Linux Nodes tests the rules and generates an event about the detection of an application that meets the rule.

The [Categories.item_#] section contains the following settings:

Name

Name of the created application category to which the rule applies.

 

UseIncludes

Usage of inclusive conditions to trigger the rule.

Yes – apply the rule to the application if the application meets at least one inclusive condition.

No (default value) – do not apply the rule to the application, even if the application meets the inclusive conditions.

IncludeFileNames.item_#

Name of the executable file that triggers the rule.

You can use masks to specify the file name.

 

IncludeFolders.item_#

Name of the directory with the application's executable file that triggers the rule.

You can use masks to specify the directory name.

 

IncludeHashes.item_#

Hash (SHA-256) of the executable file that triggers the rule.

 

UseExcludes

Usage of excluding conditions to trigger the rule.

Yes – do not apply the rule to the application if the application meets at least one exclusive condition or does not meet any of the inclusive conditions.

No (default value) – apply the rule to the application, even if the application meets at least one exclusive condition.

ExcludeFileNames.item_#

Name of the executable file that triggers the rule.

You can use masks to specify the file name.

 

ExcludeFolders.item_#

Name of the directory with the application's executable file that triggers the rule.

You can use masks to specify the directory name.

 

ExcludeHashes.item_#

Hash (SHA-256) of the executable file that triggers the rule.

 

The [AllowListRules.item_#] section contains a list of application control rules for the AllowList operation mode.

Each [AllowListRules.item_#] section contains the following settings:

Description

Description of the application control rule.

 

AppControlRuleStatus

Operation status of the application control rule.

On (default value) – the rule is enabled, Kaspersky Industrial CyberSecurity for Linux Nodes applies this rule when the Application Control task is running.

Off – the rule is not used when the Application Control task is running.

Test – Kaspersky Industrial CyberSecurity for Linux Nodes allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.

Category

Name of the created application category to which the rule applies.

You can specify the "Golden Image" category.

 

The [AllowListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.

Access

Access type assigned to a user or user group.

Allow (default value) — Allow running applications.

Block – Deny running applications.

Principal

User or user group to which the Application Control rule applies.

\Everyone (default value) — The access rule applies to all users.

<user name> — Name of the user to whom the access rule applies.

@<group name> — Name of the group of users to whom the access rule applies.

The [DenyListRules.item_#] section contains a list of application control rules for the DenyList operation mode.

Each [DenyListRules.item_#] section contains the following settings:

Description

Description of the application control rule.

 

AppControlRuleStatus

Operation status of the application control rule.

On (default value) – the rule is enabled, Kaspersky Industrial CyberSecurity for Linux Nodes applies this rule when the Application Control task is running.

Off – the rule is not used when the Application Control task is running.

Test – Kaspersky Industrial CyberSecurity for Linux Nodes allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.

Category

Name of the created application category to which the rule applies.

You can specify the "Golden Image" list of applications as a category.

 

The [DenyListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.

Access

Access type assigned to a user or user group.

Allow – Allow running applications.

Block (default value) — Block running applications.

Principal

User or user group to which the Application Control rule applies.

\Everyone (default value) — The access rule applies to all users.

<user name> — Name of the user to whom the access rule applies.

@<group name> — Name of the group of users to whom the access rule applies.

Page top