Kaspersky Industrial CyberSecurity for Nodes

Rule Generator for Applications Launch Control: KAVSHELL APPCONTROL /GENERATE

August 3, 2023

ID 146712

You can use the KAVSHELL APPCONTROL /GENERATE command to generate Applications Launch Control rule lists.

A password might be required to execute the command. To enter the current password, use [/pwd:<password>].

KAVSHELL APPCONTROL /GENERATE command syntax

KAVSHELL APPCONTROL /GENERATE <path to folder> | /source:<path to file with folders list> [/masks:<edms>] [/runapp] [/rules:<ch|cp|h>] [/strong] [/user:<user or group of users>] [/export:<path to XML file>] [/import:<a|r|m>] [/prefix:<prefix for rules names>] [/unique]

KAVSHELL APPCONTROL /GENERATE command examples

To generate rules for files from specified folders, execute the following command:

KAVSHELL APPCONTROL /GENERATE /source:c:\folderslist.txt /export:c:\rules\appctrlrules.xml

To generate rules for executable files with any extension in the specified folder and, when the task completes, save the generated rules in the specified XML file, execute the following command:

KAVSHELL APPCONTROL /GENERATE c:\folder /masks:edms /export:c:\rules\appctrlrules.xml

You can use command-line parameters/options to configure automatic rule generation settings for the Applications Launch Control task (see the table below).

KAVSHELL APPCONTROL /GENERATE command-line parameters/options

Parameter/option

Description

Allowing rules usage scope

<path to folder>

Specify the path to the folder with executable files for which allowing rules will be automatically generated.

/source:<path to file with folders list>

Specify the path to a TXT file with a list of folders with executable files for which allowing rules will be automatically generated.

/masks:<edms>

Specify the extensions of executable files for which allowing rules will be automatically generated.

You can include files with the following extensions in the rules scope:

  • e - EXE files
  • d - DLL files
  • m - MSI files
  • s - scripts

/runapp

When generating allowing rules, account for applications currently running on the protected device.

Actions when automatically generating allowing rules

/rules:<ch|cp|h>

Specify actions to perform while generating allowing rules for the Applications Launch Control task:

  • ch - Use the digital certificate. If the certificate is missing, use the SHA256 hash.
  • cp - Use the digital certificate. If the certificate is missing, use the path to the executable file.
  • h - Use the SHA256 hash.

/strong

Use the digital certificate's subject and thumbprint while automatically generating allowing rules for the Applications Launch Control task. This option is applied only if the ch or cp value is specified for the /rules:<ch|cp> option.

/user:<user or group of users>

Specify the user or group of users to which the rules will be applied. The application will monitor any applications run by the specified user and/or group of users.

Actions on completion of the Rule Generator for Applications Launch Control task

/export:<full path to XML file>

Save the generated rules to an XML file.

/unique

Add information about the protected device whose installed applications are the basis for generating the Applications Launch Control allowing rules.

/prefix:<prefix for rule names>

Specify a prefix for the names of Applications Launch Control allowing rules.

/import:<a|r|m>

Import the generated rules into the specified list of Applications Launch Control rules according to the selected import rule:

  • a - Add to existing rules (rules with identical settings are duplicated)
  • r - Replace existing rules (rules with identical settings are not added; a rule is added if at least one rule setting is unique)
  • m - Merge with existing rules (rules with identical settings are not added; a rule is added if at least one rule setting is unique)
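
The options in the table above combined into one scripted run, as an added example that is not part of the Kaspersky documentation: it validates the option values, writes the folders list, runs the generator, then checks and hashes the exported XML. It assumes kavshell resolves on PATH, the list file holds one folder per line, and exit code 0 means success; the parameter names and sample paths are constructed.

```powershell
# Added example, not Kaspersky code. Assumptions: kavshell resolves on PATH,
# the folders list is one folder per line, and exit code 0 means success.
param(
    [string[]]$Folders   = @('C:\folder'),              # constructed sample scope
    [string]  $ListFile  = 'C:\rules\folderslist.txt',  # constructed sample path
    [string]  $ExportXml = 'C:\rules\appctrlrules.xml',
    [ValidateSet('ch', 'cp', 'h')][string]$Rules = 'ch',
    [ValidatePattern('^[edms]{1,4}$')][string]$Masks = 'edms',
    [switch]  $Strong,
    [string]  $Prefix = 'baseline'                       # constructed rule-name prefix
)

# /strong only applies when /rules is ch or cp (see the /strong entry above).
if ($Strong -and $Rules -eq 'h') {
    throw '/strong requires /rules:ch or /rules:cp'
}

# Fail early on missing folders instead of generating a partial rule list.
$missing = @($Folders | Where-Object {
    -not (Test-Path -LiteralPath $_ -PathType Container)
})
if ($missing.Count -gt 0) { throw "Folders not found: $($missing -join ', ')" }

# Write the folders list that /source: will read.
Set-Content -LiteralPath $ListFile -Value $Folders

$kavArgs = @('APPCONTROL', '/GENERATE', "/source:$ListFile", "/masks:$Masks",
             "/rules:$Rules", "/prefix:$Prefix", '/unique', "/export:$ExportXml")
if ($Strong) { $kavArgs += '/strong' }

& kavshell @kavArgs
if ($LASTEXITCODE -ne 0) { throw "kavshell exited with code $LASTEXITCODE" }

# The export must parse as XML before it is handed on for import.
$null = [xml](Get-Content -LiteralPath $ExportXml -Raw)

# Record a SHA256 of the export so the file imported later can be compared
# against the file generated here.
Get-FileHash -LiteralPath $ExportXml -Algorithm SHA256 |
    Select-Object Algorithm, Hash, Path
```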
