Selecting the Application Control mode

To select the Application Control mode:

1. In the main application window, click the button.
2. In the application settings window, select Security Controls → Application Control.
3. In the Application Startup Control mode block, select one of the following options:
   • Denylist. If this option is selected, Application Control allows all users to start any applications, except in cases that satisfy the conditions of Application Control block rules.
   • Allowlist. If this option is selected, Application Control blocks all users from starting any applications, except in cases that satisfy the conditions of Application Control allow rules.

     The Golden Image rule and Trusted Updaters rule are initially defined for Allowlist mode. These Application Control rules correspond to KL categories. The "Golden Image" KL category includes programs that ensure normal operation of the operating system. The "Trusted Updaters" KL category includes updaters for the most reputable software vendors. You cannot delete these rules. The settings of these rules cannot be edited. By default, the Golden Image rule is enabled and the Trusted Updaters rule is disabled. All users are allowed to start applications that match the trigger conditions of these rules.

   All rules created during the selected mode are saved after the mode is changed so that the rules can be used again. To revert back to using these rules, all you have to do is select the necessary mode.

4. In the Action at startup of blocked applications block, select the action to be performed by the component when a user attempts to start an application that is blocked by Application Control rules.
5. Select the Control DLL modules load check box if you want Kaspersky Endpoint Security to monitor the loading of DLL modules when applications are started by users.

   Information about the module and the application that loaded the module will be saved to a report.

   Kaspersky Endpoint Security monitors only the DLL modules and drivers that have been loaded since the check box was selected. Restart the computer after selecting the check box if you want Kaspersky Endpoint Security to monitor all DLL modules and drivers, including ones that are loaded before Kaspersky Endpoint Security is started.

   When enabling control over the loading of DLL modules and drivers, make sure that one of the following rules is enabled in the Application Control settings: the default Golden Image rule or another rule that contains the "Trusted certificates" KL category and ensures that trusted DLL modules and drivers are loaded before Kaspersky Endpoint Security is started. Enabling control of the loading of DLL modules and drivers when the Golden Image rule is disabled may cause instability in the operating system.

   We recommend turning on password protection for configuring application settings, so that it is possible to turn off the rules blocking critical DLL modules and drivers form start, without modifying Kaspersky Security Center policy settings.

6. Save your changes.