Kaspersky Endpoint Security 11 for Windows

Adding an Application Control rule

April 25, 2024

ID 130538

To add an Application Control rule using Kaspersky Security Center:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
  3. In the workspace, select the Policies tab.
  4. Select the necessary policy and double-click to open the policy properties.
  5. In the policy window, select Security Controls → Application Control.

    In the right part of the window, the settings of the Application Control component are displayed.

  6. Click Add.

    The Application Control rule window opens.

  7. Do one of the following:
    • If you want to create a new category:
      1. Click Create a category.

        The user category creation wizard starts.

      2. Follow the instructions of the user category creation wizard.
      3. In the Category drop-down list, select the created application category.
    • If you want to edit an existing category:
      1. In the Category drop-down list, select the created application category that you want to edit.
      2. Click Properties.
      3. Modify the settings of the selected application category.
      4. Save your changes.
      5. In the Category drop-down list, select the created application category based on which you want to create a rule.
  8. In the Subjects and their rights table, click the Add button.
  9. In the window that opens, specify the list of users and/or user groups for which you want to configure permission to start applications from the selected category.
  10. In the Subjects and their rights table, do the following:
    • If you want to allow users and/or groups of users to start applications that belong to the selected category, select the Allow check box in the relevant rows.
    • If you want to block users and/or groups of users from starting applications that belong to the selected category, select the Deny check box in the relevant rows.
  11. Select the Deny for other users check box if you want all users that do not appear in the Subject column and that are not part of the group of users specified in the Subject column to be blocked from starting applications that belong to the selected category.
  12. If you want Kaspersky Endpoint Security to consider applications included in the selected application category as trusted updaters allowed to create other executable files that will be subsequently allowed to run, select the Trusted Updaters check box.

    When Kaspersky Endpoint Security settings are migrated, the list of executable files created by trusted updaters is migrated as well.

  13. Save your changes.

To add an Application Control rule:

  1. In the main application window, click the button.
  2. In the application settings window, select Security Controls → Application Control.
  3. Click the Blocked applications or Allowed applications button.

    This opens the list of Application Control rules.

  4. Click Add.

    This opens the Application Control rule settings window.

  5. On the General settings tab, define the main settings of the rule:
    1. In the Rule name field, enter the name of the rule.
    2. In the Description field, enter a description of the rule.
    3. Compile or edit a list of users and/or groups of users who are allowed or not allowed to start applications that meet the rule trigger conditions. To do this, click the Add button in the Subjects and their rights table.

      The rule applies to all users by default.

      If there is no user specified in the table, the rule cannot be saved.

    4. In the Subjects and their rights table, use the toggle to define the right of users to start applications.
    5. Select the Deny for other users check box if you want the application to prevent applications that satisfy rule triggering conditions from running for all users that are not listed in the Subjects and their rights table and are not members of user groups listed in the Subjects and their rights table.

      If the Deny for other users check box is cleared, Kaspersky Endpoint Security does not control the startup of applications by users that are not specified in the Subjects and their rights table and that do not belong to the groups of users specified in the Subjects and their rights table.

    6. Select the Trusted Updaters check box if you want Kaspersky Endpoint Security to consider applications matching the rule trigger conditions as trusted updaters. Trusted Updaters are applications that are allowed to create other executable files that will be allowed to run subsequently.

      If an application triggers multiple rules, Kaspersky Endpoint Security sets the Trusted Updaters flag if the following conditions are satisfied:

      • All rules allow the application to run.
      • At least one rule has the Trusted Updaters check box selected.
  6. On the Conditions: N tab, create or edit the list of inclusion conditions for triggering the rule.
  7. On the Exclusions: N tab, create or edit the list of exclusion conditions for triggering the rule.

    When Kaspersky Endpoint Security settings are migrated, the list of executable files created by trusted updaters is migrated as well.

  8. Save your changes.
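
The following Python model is an added example, not Kaspersky code, for reviewing a rule set before it is deployed: it applies the Subjects and their rights, Deny for other users and Trusted Updaters behavior described in step 5 to the rules that one application triggers. The rule names, accounts and groups are constructed, and two points the page does not specify are assumptions marked in the comments (Deny wins over Allow for the same user, and an uncontrolled startup does not count as an allow).

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    rights: dict                       # subject (user or group) -> True=Allow, False=Deny
    deny_for_other_users: bool = False
    trusted_updaters: bool = False

def rule_decision(rule, user, groups):
    """True = allowed, False = blocked, None = this rule does not control the user."""
    rows = [rule.rights[s] for s in {user, *groups} if s in rule.rights]
    if rows:
        # Assumption: if a user matches both an Allow and a Deny row, Deny wins.
        return all(rows)
    # Unlisted user: blocked only when "Deny for other users" is selected.
    return False if rule.deny_for_other_users else None

def trusted_updater_flag(triggered, user, groups):
    """Both page conditions: every triggered rule allows, and at least one has the check box."""
    decisions = [rule_decision(r, user, groups) for r in triggered]
    # Assumption: "not controlled" (None) is not counted as an explicit allow.
    return (bool(decisions) and all(d is True for d in decisions)
            and any(r.trusted_updaters for r in triggered))

def audit(triggered, accounts):
    """Map each account to (per-rule decisions, trusted-updater flag) for one application."""
    return {
        user: ({r.name: rule_decision(r, user, groups) for r in triggered},
               trusted_updater_flag(triggered, user, groups))
        for user, groups in accounts.items()
    }

# Constructed sample: two rules that the same application triggers.
RULES = [
    Rule("Deployment tools", {"CORP\\Deploy": True},
         deny_for_other_users=True, trusted_updaters=True),
    Rule("Admin utilities", {"CORP\\Admins": True, "CORP\\alice": False}),
]
ACCOUNTS = {  # constructed accounts and their group memberships
    "CORP\\bob": {"CORP\\Deploy", "CORP\\Admins"},
    "CORP\\alice": {"CORP\\Deploy", "CORP\\Admins"},
    "CORP\\carol": set(),
}

if __name__ == "__main__":
    for user, (decisions, flag) in audit(RULES, ACCOUNTS).items():
        print(user, decisions, "trusted updater:", flag)
```

In this sample only CORP\bob receives the Trusted Updaters flag: a single Deny row blocks CORP\alice under the second rule, and CORP\carol is blocked by Deny for other users under the first.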
