Testing the allowlist mode

To ensure that Application Control rules do not block applications required for work, it is recommended to enable testing of Application Control rules and analyze their operation after creating new rules. When testing is enabled, Kaspersky Endpoint Security will not block applications whose startup is forbidden by Application Control rules, but will instead send notifications about their startup to the Administration Server.

When testing the allowlist mode, it is recommended to perform the following actions:

1. Determine the testing period (ranging from several days to two months).
2. Enable testing of Application Control rules.
3. Examine the events resulting from testing the operation of Application Control and reports on blocked applications in test mode to analyze the testing results.
4. Based on the analysis results, make changes to the allowlist mode settings.

   In particular, based on the test results, you can add executable files related to events to an application category.

Page top