Kaspersky Industrial CyberSecurity for Linux Nodes

Application Control task (Application_Control, ID:21)

February 8, 2024

ID 221627

During execution of the Application Control task, Kaspersky Industrial CyberSecurity for Linux Nodes controls the launching of applications on user computers. This helps reduce the risk of computer infection by restricting access to applications. Application launching is regulated by application control rules.

The Application Control task can operate in two modes:

  • Deny list. In this mode Kaspersky Industrial CyberSecurity for Linux Nodes allows all users to launch any applications that are not specified in the application control rules. This is the default operation mode of the Application Control task.
  • Allow list. In this mode Kaspersky Industrial CyberSecurity for Linux Nodes prevents all users from launching any applications that are not specified in the application control rules.

Thus, if the application control rules are created to the fullest extent possible, Kaspersky Industrial CyberSecurity for Linux Nodes prohibits the launching of all new applications that are not verified by the administrator of the organization's local network, but ensures the performance of the operating system and verified applications that users need to perform their job duties.

For each operation mode of the Application Control task, separate rules can be created and the action can be specified: apply rules or test rules. Kaspersky Industrial CyberSecurity for Linux Nodes performs this action when it detects an attempt to start an application.

If you change the list of allowed applications, or prohibit the launch of all applications or of applications that affect the operation of Kaspersky Industrial CyberSecurity for Linux Nodes, then when modifying the task settings using the configuration file or the command line, run the --set-settings command with the --accept flag.

Kaspersky Industrial CyberSecurity for Linux Nodes supports the following interpreters: python, perl, bash, ssh. The Application Control task does not control the launching of scripts from interpreters that are not supported by Kaspersky Industrial CyberSecurity for Linux Nodes, or the launching of scripts that are not passed to the interpreter via the command line.

If the interpreter is allowed to launch by the Application Control rules, Kaspersky Industrial CyberSecurity for Linux Nodes does not block the script launched from this interpreter. If the launch of at least one script specified in the interpreter command line is prohibited by the Application Control rules, Kaspersky Industrial CyberSecurity for Linux Nodes blocks all the scripts specified in the interpreter command line. Exception: cat script.py | python (here the script reaches the interpreter through a pipe rather than through its command line).
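The following added example (not Kaspersky code and not part of the original Help page) models the interpreter rules above so that exec records from process auditing can be triaged for launches the task does not control and therefore need other monitoring. It assumes deny list mode, one process per record, and the labelled heuristics for interpreter names and script arguments; OTHER_INTERPRETERS, SCRIPT_SUFFIXES, classify, triage and the sample records are hypothetical.

```python
import os
import re
import shlex

# Interpreters the page lists as supported by the Application Control task.
SUPPORTED = {"python", "perl", "bash", "ssh"}
# Assumption: other interpreters worth flagging; not a list from the product.
OTHER_INTERPRETERS = {"sh", "dash", "zsh", "ruby", "node", "php", "lua"}
# Assumption: a non-option argument with one of these suffixes is a script.
SCRIPT_SUFFIXES = (".py", ".pl", ".sh")


def classify(cmdline, denied_scripts=frozenset()):
    """Classify one exec record (a single process's command line)."""
    argv = shlex.split(cmdline)
    if not argv:
        return "empty"
    # Assumption: versioned names such as python3.11 are treated as "python".
    name = re.sub(r"[\d.]+$", "", os.path.basename(argv[0]))
    if name in OTHER_INTERPRETERS:
        return "uncontrolled: unsupported interpreter"
    if name not in SUPPORTED:
        return "binary: ordinary rules apply"
    scripts = [a for a in argv[1:]
               if not a.startswith("-") and a.endswith(SCRIPT_SUFFIXES)]
    if not scripts:
        # Covers stdin-fed and interactive runs, e.g. cat script.py | python.
        return "uncontrolled: no script on command line"
    # Page rule: one prohibited script blocks every script on the line.
    if any(s in denied_scripts for s in scripts):
        return "controlled: all scripts blocked"
    return "controlled: no prohibited script"


# Constructed exec records, one process per line (not real audit output).
SAMPLE = [
    "/usr/bin/python3 /opt/app/run.py",
    "perl /opt/app/a.pl /opt/app/bad.pl",
    "python",
    "/usr/bin/ruby /opt/app/job.rb",
    "/usr/bin/ls -l",
]


def triage(records, denied_scripts):
    """Pair every record with its classification."""
    return [(r, classify(r, denied_scripts)) for r in records]


if __name__ == "__main__":
    for record, verdict in triage(SAMPLE, {"/opt/app/bad.pl"}):
        print(f"{verdict:42} {record}")
```

Records classified as "uncontrolled" are the ones to cover with separate logging or detection, since the task does not evaluate them.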

In this Help section

About Application Control rules

Application Control task settings

Viewing the list of created categories
