Adding event-related executable files to the application category
To add executable files related to Application Control events to the application category:
- Open the Kaspersky Security Center Administration Console.
- In the Administration Server node of the Administration Console tree, select the Events tab.
- Choose a selection of events related to operation of the Application Control component (Viewing events resulting from operation of the Application Control component, Viewing events resulting from test operation of the Application Control component) in the Event selections drop-down list.
- Click the Run selection button.
- Select the events whose associated executable files you want to add to the application category.
- Right-click to open the context menu for the selected events and select Add to category.
- In the window that opens, configure the settings of the application category:
- In the upper part of the window, choose one of the following options:
- Add to a new application category. Choose this option if you want to create a new application category and add executable files to it.
- Add to an existing application category. Choose this option if you want to select an existing application category and add executable files to it.
- In the Rule type block, select one of the following options:
- Rules for adding to inclusions. Select this option if you want to create a condition that adds executable files to the application category.
- Rules for adding to exclusions. Select this option if you want to create a condition that excludes executable files from the application category.
- In the Parameter used as a condition block, select one of the following options:
- Certificate details (or SHA-256 hashes for files without a certificate).
- Certificate details (files without a certificate will be skipped).
- Only SHA-256 (files without a hash will be skipped).
- Only MD5 (discontinued mode, only for Kaspersky Endpoint Security 10 Service Pack 1 version).
- Save your changes.
Page top