You can specify a set of criteria as a template of executable files for which you want to allow or block a start in your organization. On the basis of executable files corresponding to the criteria, you can create an application category and use it in the Application Control component configuration.
To create an application category with content added manually:
In the console tree, in the Advanced → Application management folder select the Application categories subfolder.
Click the New category button.
The New category wizard starts. Proceed through the wizard by using the Next button.
On the Category type wizard page, select Category with content added manually as the user category type.
On the Enter the application category name wizard page, enter the new application category name.
On the Configuring conditions for inclusion of applications in categories page, click the Add button.
In the drop-down list, specify the relevant settings:
Specify a folder on the client device that contains executable files. The metadata in the executable files that are included in the specified folder will be sent to Administration Server. Executable files that contain the same metadata will be added to the user application category.
If this option is selected, you can select or create a folder on the client device. The MD5 hash of the files in a specified folder will be sent to Administration Server. The applications that have the same hash as the files in the specified folder are added to the user application category.
If this option is selected, you can specify the folder on the client device, which contains executable files signed with certificates. Certificates of executable files are read and added to the category's conditions. Executable files that have been signed in accordance with the specified certificates will be added to the user category.
If this option is selected, you can specify an MSI installer file as the condition of adding applications to the user category. The application installer metadata will be sent to Administration Server. The applications for which the installer metadata is the same as for the specified MSI installer are added to the user application category.
If this option is selected, you can specify an MSI installer file as the condition of adding applications to the user category. The hash of the application installer files will be sent to Administration Server. The applications for which the hash of MSI installer files is identical to the specified hash are added to the user application category.
If this option is selected, you can specify a Kaspersky application category as the condition of adding applications to the user category. The applications from the specified Kaspersky category will be added to the user application category.
If this option is selected, you can specify the path to the file or folder on the client device containing the executable files that are to be added to the user application category. You can use regular expressions such as C:\path_to_exe\*, for example: C:\Program Files\Internet Explorer\*.
If this option is selected, you can specify certificates from the storage. Executable files that have been signed in accordance with the specified certificates will be added to the user category.
If this option is selected, you can specify the type of the medium (any drive or removable drive) on which the application is run. Applications that have been run on the selected drive type are added to the user application category.
On the Creating the application category wizard page, click the Finish button.
Kaspersky Security Center only handles metadata from digitally signed files. No category can be created on the basis of metadata from files that do not contain a digital signature.
When the wizard has completed, a user application category is created, with content added manually. You can view the newly created category using the list of categories in the workspace of the Application categories folder.