Kaspersky Endpoint Security 11 for Windows

Configuring allowlist mode for applications

April 25, 2024

ID 165718

When configuring the allowlist mode, it is recommended to perform the following actions:

  1. Create application categories containing the applications that must be allowed to start.

    You can select one of the following methods for creating application categories:

    • Category with content added manually. You can add applications to this category manually by using the following conditions:
      • File metadata. Kaspersky Security Center adds all executable files accompanied by the specified metadata to the application category.
      • File hash code. Kaspersky Security Center adds all executable files with the specified hash to the application category.

        Using this condition rules out automatic installation of updates, because each version of a file has a different hash.

      • File certificate. Kaspersky Security Center adds all executable files signed with the specified certificate to the application category.
      • KL category. Kaspersky Security Center adds all applications that are in the specified KL category to the application category.
      • Application folder. Kaspersky Security Center adds all executable files from this folder to the application category.

        Use of the Application folder condition may be unsafe because any application from the specified folder will be allowed to start. It is recommended to apply rules that use the application categories with the Application folder condition only to those users for whom the automatic installation of updates must be allowed.

    • Category that includes executable files from a specific folder. You can specify a folder from which executable files will be automatically assigned to the created application category.
    • Category that includes executable files from selected devices. You can specify a computer for which all executable files will be automatically assigned to the created application category.

      When using this method of creating application categories, Kaspersky Security Center receives information about applications on the computer from the Executable files folder.

  2. Select the allowlist mode for the Application Control component.
  3. Create Application Control rules using the created application categories.

    The Golden Image rule and Trusted Updaters rule are initially defined for Allowlist mode. These Application Control rules correspond to KL categories. The "Golden Image" KL category includes programs that ensure normal operation of the operating system. The "Trusted Updaters" KL category includes updaters for the most reputable software vendors. You cannot delete these rules. The settings of these rules cannot be edited. By default, the Golden Image rule is enabled and the Trusted Updaters rule is disabled. All users are allowed to start applications that match the trigger conditions of these rules.

  4. Determine the applications for which automatic installation of updates must be allowed.

    You can allow automatic installation of updates in one of the following ways:

    • Specify an extended list of allowed applications by allowing the startup of all applications that belong to any KL category.
    • Specify an extended list of allowed applications by allowing the startup of all applications that are signed with certificates.

      To allow the startup of all applications signed with certificates, you can create a category with a certificate-based condition that uses only the Subject parameter with the value *.

    • For the Application Control rule, select the Trusted Updaters parameter. If this check box is selected, Kaspersky Endpoint Security considers the applications included in the rule as Trusted Updaters. Kaspersky Endpoint Security allows the startup of applications that have been installed or updated by applications included in the rule, provided that no blocking rules are applied to those applications.

      When Kaspersky Endpoint Security settings are migrated, the list of executable files created by trusted updaters is migrated as well.

    • Create a folder and place within it the executable files of applications for which you want to allow automatic installation of updates. Then create an application category with the "Application folder" condition and specify the path to that folder. Then create an allow rule and select this category.

      Use of the Application folder condition may be unsafe because any application from the specified folder will be allowed to start. It is recommended to apply rules that use the application categories with the Application folder condition only to those users for whom the automatic installation of updates must be allowed.
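
Because the Application folder condition allows anything placed in the folder to start, it is worth checking who can write there before building a rule on it. The following PowerShell script is an added example, not Kaspersky code: it lists NTFS access entries that give write access to principals outside a trusted set. The path `C:\AllowedApps`, the function name `Get-UntrustedWriteAce` and the choice of trusted SIDs are assumptions to adapt.

```powershell
# Added example (not vendor code). $AllowedFolder is a placeholder path.
param([string]$AllowedFolder = 'C:\AllowedApps')

# Principals expected to manage the folder, by well-known SID (locale-independent).
# This trusted set is an assumption; adjust it to your environment.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (applies only to objects a principal could already create)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that let a principal add, replace or re-permission files.
# Modify and FullControl contain these bits, so they are caught as well.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericMask = 0x50000000   # GENERIC_WRITE (0x40000000) | GENERIC_ALL (0x10000000)

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Check the folder itself and every subfolder beneath it.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force)
    foreach ($dir in $folders) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Explicit and inherited entries, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $rights   = [int]$ace.FileSystemRights
            $canWrite = ($rights -band ($writeMask -bor $genericMask)) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
                $ace.IdentityReference.Value -notin $trustedSids) {
                [pscustomobject]@{
                    Folder    = $dir.FullName
                    Sid       = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-UntrustedWriteAce -Path $AllowedFolder)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "Principals outside the trusted set can write under '$AllowedFolder'."
} else {
    Write-Output "No write access for untrusted principals under '$AllowedFolder'."
}
```

If a dedicated updater account legitimately writes to the folder, add its SID to `$trustedSids` so that the remaining findings are only unexpected entries.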
