Managing the startup of applications on Windows devices
You can block applications from running on Windows devices if those applications do not meet your corporate security requirements. Application startup is restricted through Application Control.
To configure Application Control on Windows devices:
Select the Security management → Security profiles section.
The Security profiles section contains a list of security profiles configured in Kaspersky Next.
In the list, select the security profile for the devices on which you want to configure Application Control.
Click the link with the profile name to open the security profile properties window.
The security profile properties window displays settings available for all devices.
In the Windows group, select the Application Control section.
The Application Control settings page opens.
Set the toggle switch to Application Control is enabled.
Under Application Control mode, select the global mode:
Allow all applications, except
This mode is Default allow, which allows users to start an application unless it is on the list of blocked ones.
Block all applications, except
This mode is Default deny, which prevents users from starting an application unless it is on the list of allowed ones.
Specify a list of exceptions.
For each Application Control mode, you can add up to five exceptions.
Do any of the following:
To add an Application Control exception:
Click the Add button.
In the Add a new Application Control exception window that opens, define the exception settings, as described later in this section.
Click Apply to close the Add a new Application Control exception window.
To enable or disable an added Application Control exception, set the toggle switch next to that exception to the desired state:
If the toggle switch is green, the exception is enabled. Depending on the Application Control mode, the applications specified in the exception are either blocked or allowed.
By default, a newly added exception is enabled.
If the toggle switch is gray, the exception is disabled. When the user attempts to start the applications specified in the exception, the software behavior is determined by the Application Control mode.
To edit an added Application Control exception:
You cannot edit the predefined exception Trusted installation packages that is displayed if the Application Control mode is Block all applications, except.
Select the check box next to the required exception.
Click the Edit button.
In the Edit an Application Control exception window that opens, define the new settings of the exception, as described later in this section.
Click Apply to close the Edit an Application Control exception window.
To delete Application Control exceptions that were added:
You cannot delete the predefined exception Trusted installation packages that is displayed if the Application Control mode is Block all applications, except.
Select the check boxes next to the required exceptions.
Click the Delete button.
In the confirmation window that opens, click the Delete button.
Click Save to save the changes.
The list of Application Control exceptions is updated.
After the security profile is applied, Application Control is enabled on Windows devices. User access to applications is governed according to the currently defined settings.
To define the settings of an Application Control exception:
Start adding or editing an exception, as described earlier in this section.
In the Exception name field, enter the name of the exception.
Select the criteria to be applied to applications.
You can specify either of the following criteria:
Application categories
Kaspersky Next manages access to applications from the selected categories.
Do the following:
Click the Settings link.
In the Application categories window that opens, select the check boxes next to the required categories.
Click OK to close the Application categories window.
Individual applications
Kaspersky Next manages access only to the specified applications.
Do the following:
Click the Settings link.
In the Individual applications window that opens, specify the list of applications to be excluded.
You can use masks:
The * (asterisk) character takes the place of any set of characters. For example, C:\Users\User\Desktop\*.exe.
The ? (question mark) character takes the place of any single character. For example, C:\Users\User\Desktop\test?.exe.
Click OK to close the Individual applications window.
All applications from removable drives
Kaspersky Next manages access to all applications that are stored on removable drives.