Launch control of executable files on devices

Kaspersky Industrial CyberSecurity for Networks can control the launch of executable files on the devices known to the application. Monitoring of executable file launches relies on data from EPP applications or applications that use the Kaspersky Industrial CyberSecurity for Networks API. The application uses the received data to create the table of executable files.

Automatic receipt of data about executable file launches is available for devices with Endpoint Agent, which communicates with the EPP application and sends basic data on the devices and running processes (telemetry data) to Kaspersky Industrial CyberSecurity for Networks. The application specifies the Telemetry (Endpoint Agent) source for this data. If the data about an executable file run is received only from the application that uses the Kaspersky Industrial CyberSecurity for Networks API, the application sets the data source value to External source for this file.

To receive data about executable file runs from the Telemetry (Endpoint Agent) source, asset management methods must be enabled for detecting device activity and device information. These methods must be enabled on all nodes where the application components from which EPP applications information is received are installed.

The table of executable files has the following limitations on the number and storage time of elements:

• The total number of executable files can be no more than 100 thousand.

  If the maximum number of executable files is reached, the application automatically deletes 10% of the oldest records.

• The maximum storage time for an executable file until the next execution data for this file is received can be no more than 90 days.

  If no new data about the run of the executable file was received before the maximum storage time expires, the application automatically deletes the entry about this file.

If needed, users with the Administrator role can manually delete executable files.

You can view information about executable files on the Executable files tab in the Assets section. When viewing the executable files table, you can configure, filter, search, sort, and navigate to related items.

The application displays the following device executable files details in the table and details area for the selected file:

• File ID is the file identifier assigned in Kaspersky Industrial CyberSecurity for Networks.
• Device is a device name and address.
• Name is the application name and version, or file name.
• Data received is the date and time when file details were last received.
• Product is the name of the software product saved in the device operating system.
• Product version is the version of the software product saved in the device operating system.
• Vendor is the application vendor name.
• Path is the full path to the file.
• File size is the amount of disk space used by the file.
• MD5 hash is the file checksum obtained using the MD5 hash algorithm.
• SHA256 hash is the file checksum obtained using the SHA256 hash algorithm.
• Signature: the result of the file digital signature verification. It's either Valid (if the digital signature was verified successfully) or Invalid (for example, if the certificate has expired)
• Created is the date and time when the file was created.
• Changed is the date and time when the file was last modified.
• Origin is the file data source type.
• Attributes is the list of file attributes.
• Description is the description set for the file.

Page top