When each application is started for the first time, the Host Intrusion Prevention component checks the security of the application and places the application into one of the trust groups.
At the first stage of the application scan, Kaspersky Endpoint Security searches the internal database of known applications for a matching entry and at the same time sends a request to the Kaspersky Security Network database (if an Internet connection is available). Based on the results of the search in the internal database and the Kaspersky Security Network database, the application is placed into a trust group. Each time the application is subsequently started, Kaspersky Endpoint Security sends a new query to the KSN database and places the application into a different trust group if the reputation of the application in the KSN database has changed.
You can select a trust group to which Kaspersky Endpoint Security must automatically assign all unknown applications. Applications that were started before Kaspersky Endpoint Security are automatically moved to the trust group defined in Host Intrusion Prevention component settings.
For applications that were started before Kaspersky Endpoint Security, only network activity is controlled. Control is performed according to the network rules defined in the Firewall settings.