Testing the allowlist mode

Support

Support for business applications

Kaspersky Endpoint Security 11 for Windows

Computer control

Application Control

Best practices for implementing a list of allowed applications

Testing the allowlist mode

April 25, 2024

ID 165699

Get as PDF

To ensure that Application Control rules do not block applications required for work, it is recommended to enable testing of Application Control rules and analyze their operation after creating new rules. When testing is enabled, Kaspersky Endpoint Security will not block applications whose startup is forbidden by Application Control rules, but will instead send notifications about their startup to the Administration Server.

When testing the allowlist mode, it is recommended to perform the following actions:

Determine the testing period (ranging from several days to two months).
Enable testing of Application Control rules.
Examine the events resulting from testing the operation of Application Control and reports on blocked applications in test mode to analyze the testing results.
Based on the analysis results, make changes to the allowlist mode settings.
In particular, based on the test results, you can add executable files related to events to an application category.

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.