Application Control task settings

Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Application Control task (Application_Control, ID:21)

Application Control task settings

December 12, 2023

ID 245998

The table describes all available values and the default values of all the settings that you can specify for the Application Control task.

Application Control task settings

Setting	Description	Values

`AppControlMode`	Application Control task operation mode.	`AllowList` – Kaspersky Endpoint Security prevents users from launching any applications that are not specified in the Application Control rules. `DenyList` (default value) – Kaspersky Endpoint Security allows users to launch any applications that are not specified in the Application Control rules.
`AppControlRulesAction`	The action that Kaspersky Endpoint Security performs upon detecting an attempt to start an application.	`ApplyRules` (default value) – Kaspersky Endpoint Security applies Application Control rules and performs the action specified in the rules. `TestRules` – Kaspersky Endpoint Security tests the rules and generates an event about the detection of an application that satisfies the rule.
The [Categories.item_#] section contains the following settings:
`Name`	Name of the created application category to which the rule applies.
`UseIncludes`	Usage of inclusive conditions to trigger the rule.	`Yes` – apply the rule to the application if the application meets at least one inclusive condition. `No` (default value) – do not apply the rule to the application, even if the application meets the inclusive conditions.
`IncludeFileNames.item_#`	Name of the executable file that triggers the rule.	You can use masks to specify the file name. You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask. You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, `/dir//file/` or `/dir/file*/`. You can put a single ? character to represent any one character (including `/`) in the file or directory name.
`IncludeFolders.item_#`	Name of the directory with the application's executable file that triggers the rule.	You can use masks to specify the directory name. You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask. You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, `/dir//file/` or `/dir/file*/`. You can put a single ? character to represent any one character (including `/`) in the file or directory name.
`IncludeHashes.item_#`	Hash (SHA-256) of the executable file that triggers the rule.
`UseExcludes`	Usage of excluding conditions to trigger the rule.	`Yes` – do not apply the rule to the application if the application meets at least one exclusive condition or does not meet any of the inclusive conditions. `No` (default value) – apply the rule to the application, even if the application meets at least one exclusive condition.
`ExcludeFileNames.item_#`	Name of the executable file that triggers the rule.	You can use masks to specify the file name. You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask. You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, `/dir//file/` or `/dir/file*/`. You can put a single ? character to represent any one character (including `/`) in the file or directory name.
`ExcludeFolders.item_#`	Name of the directory with the application's executable file that triggers the rule.	You can use masks to specify the directory name. You can use the * character (any sequence of characters) or the ? character (any one character) as the file or directory name mask. You can put the * character to represent any set of characters (including an empty set) in a file or directory name that includes the / character. For example, `/dir//file/` or `/dir/file*/`. You can put a single ? character to represent any one character (including `/`) in the file or directory name.
`ExcludeHashes.item_#`	Hash (SHA-256) of the executable file that triggers the rule.
The [AllowListRules.item_#] section contains a list of Application Control rules for the `AllowList` operation mode. Each [AllowListRules.item_#] section contains the following settings:
`Description`	Description of the Application Control rule.
`AppControlRuleStatus`	Operation status of the Application Control rule:	`On` (default value) – the rule is enabled, Kaspersky Endpoint Security applies this rule when the Application Control task is running. `Off` – the rule is not used when the Application Control task is running. `Test` – Kaspersky Endpoint Security allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.
`Category`	Name of the created application category to which the rule applies. You can specify the "Golden Image" category.
The [AllowListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.
`Access`	Access type assigned to a user or user group.	`Allow` (default value) — Allow running applications. `Block` – Deny running applications.
`Principal`	User or user group to which the Application Control rule applies.	`\Everyone` (default value): the rule applies to all users. `<user name>`: name of the user to whom the rule applies. `@<group name>`: name of the group of users to whom the rule applies.
The [DenyListRules.item_#] section contains a list of Application Control rules for the `DenyList` operation mode. Each [DenyListRules.item_#] section contains the following settings:
`Description`	Description of the Application Control rule.
`AppControlRuleStatus`	Operation status of the Application Control rule:	`On` (default value) – the rule is enabled, Kaspersky Endpoint Security applies this rule when the Application Control task is running. `Off` – the rule is not used when the Application Control task is running. `Test` – Kaspersky Endpoint Security allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report.
`Category`	Name of the created application category to which the rule applies. You can specify the "Golden Image" list of applications as a category.
The [DenyListRules.item_#.ACL.item_#] section contains a list of users who are allowed or denied to run applications.
`Access`	Access type assigned to a user or user group.	`Allow` – allow applications to start. `Block` (default value) – do not allow applications to start.
`Principal`	User or user group to which the Application Control rule applies.	`\Everyone` (default value): the rule applies to all users. `<user name>`: name of the user to whom the rule applies. `@<group name>`: name of the group of users to whom the rule applies.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.