You can specify a set of criteria as a template of executable files for which you want to allow or block a start in your organization. On the basis of executable files corresponding to the criteria, you can create an application category and use it in the Application Control component configuration.
To create an application category with content added manually:
In the OPERATIONS → THIRD-PARTY APPLICATIONS drop-down list, select APPLICATION CATEGORIES.
The page with a list of application categories is displayed.
Click the Add button.
The New Category Wizard starts. Follow the steps of the Wizard.
On the Select category creation method page of the Wizard, select the Category with content added manually. Data of executable files is manually added to the category option.
On the Conditions page of the Wizard, click the Add button to add a condition criterion to include files in the creating category.
On the Condition criteria page, select a rule type for the creation of category from the list:
If this option is selected, you can specify a Kaspersky application category as the condition of adding applications to the user category. The applications from the specified Kaspersky category will be added to the user application category.
If this option is selected, you can specify certificates from the storage. Executable files that have been signed in accordance with the specified certificates will be added to the user category.
If this option is selected, you can specify the path to the folder on the client device containing the executable files that are to be added to the user application category.
If this option is selected, you can specify the type of the medium (any drive or removable drive) on which the application is run. Applications that have been run on the selected drive type are added to the user application category.
If this option is selected, application registry is displayed. You can select an application from the registry and specify the following file metadata:
File name.
File version. You can specify precise value of the version or describe a condition, for example "greater than 5.0".
Application name.
Application version. You can specify precise value of the version or describe a condition, for example "greater than 5.0".
If this option is selected, you must specify file hash, or metadata, or certificate as the condition of adding applications to the user category.
File Hash
Depending on the version of the security application installed on devices on your network, you must select an algorithm for hash value computing by Kaspersky Security Center for files in this category. Information about computed hash values is stored in the Administration Server database. Storage of hash values does not increase the database size significantly.
SHA-256 is a cryptographic hash function: no vulnerabilities have been found in its algorithm, and so it is considered the most reliable cryptographic function nowadays. Kaspersky Endpoint Security 10 Service Pack 2 for Windows and later versions support SHA-256 computing. Computing of the MD5 hash function is supported by all versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows.
Select either of the options of hash value computing by Kaspersky Security Center for files in the category:
If all instances of security applications installed on your network are Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions, select the SHA-256 check box. We do not recommend that you add any categories created according to the criterion of the SHA-256 hash of an executable file for versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows. This may result in failures in the security application operation. In this case, you can use the MD5 cryptographic hash function for files of the category.
If any versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows are installed on your network, select the MD5 hash. You cannot add a category that was created based on the criterion of the MD5 checksum of an executable file for Kaspersky Endpoint Security 10 Service Pack 2 for Windows or later versions. In this case, you can use the SHA-256 cryptographic hash function for files of the category.
If different devices on your network use both earlier and later versions of Kaspersky Endpoint Security 10, select both the SHA-256 check box and the MD5 hash check box.
Metadata
If this option is selected, you can specify file metadata as file name, file version, vendor. The metadata will be sent to Administration Server. Executable files that contain the same metadata will be added to the application category.
Certificate
If this option is selected, you can specify certificates from the storage. Executable files that have been signed in accordance with the specified certificates will be added to the user category.
If this option is selected, you can specify an MSI installer file as the condition of adding applications to the user category. The application installer metadata will be sent to Administration Server. The applications for which the installer metadata is the same as for the specified MSI installer are added to the user application category.
The selected criterion is added to the list of conditions.
You can add as many criteria for the creating application category as you need.
On the Exclusions page of the Wizard, click the Add button to add an exclusive condition criterion to exclude files from the category that is being created.
On the Condition criteria page, select a rule type from the list, in the same way that you selected a rule type for category creation.
When the Wizard finishes, the application category is created. It is displayed in the list of application categories. You can use the created application category when you configure Application Control.