About Application Startup Control rules
January 10, 2024
An Application Startup Control rule is a group of settings required for operation of the Application Startup Control component:
- Assignment of the application to an application category. An application category is a group of applications that have common attributes. For example, this could be a category that includes executable files from selected protected virtual machines, or a category named "Applications for work" that includes the standard set of applications that are used within an organization. You can create categories based on various conditions, including KL categories. A KL category is a list of applications generated by Kaspersky experts. For example, the KL category "Office applications" includes applications from the Microsoft Office suite, Adobe Acrobat, and others. For more information about managing categories, please refer to the Kaspersky Security Center help.
If files do not have a digital signature, the Application Startup Control component cannot determine the KL category for these files and blocks them from starting. Therefore, if the "Block" action is selected in the settings of the Application Startup Control component, files without a digital signature will be blocked from starting. If you want to allow the startup of certain files that don't have a digital signature, you are advised to select the "Inform" action in the Application Startup Control component settings, and to add the relevant files to a predefined application category when an event is received in Kaspersky Security Center.
- Allowing or blocking selected users and/or user groups from starting applications. You can specify a user and/or user group that is allowed or blocked from starting applications from a specified category.
For each Application Startup Control mode, you need to create separate rules and select the action that Application Startup Control must take when it detects an attempt to start an application that is not allowed by the rule: inform about the startup of the application or block the startup of the application.
Status of Application Startup Control rules
Application Startup Control rules can have one of three status values:
- On. This rule status means that the rule is enabled.
- Off. This rule status means that the rule is disabled.
- Test. This rule status signifies that Kaspersky Security does not block the startup of applications to which the rule applies but logs information about the startup of these applications in reports. The Test status of a rule is convenient for testing the operation of a configured Application Startup Control rule. The user is not blocked from starting applications that match a rule with the Test status. Application startup allow and block settings are configured separately for test rules and non-test rules.
When created, an Application Startup Control rule is enabled by default (the rule has On status). You can disable the Application Startup Control rule. If an Application Startup Control rule is disabled, the application temporarily stops applying the rule.
Predefined Application Startup Control rules
After Kaspersky Security is installed, the following Application Startup Control rules are created for the "Allowlist of applications" operation mode by default:
- Trusted updaters. This rule allows all users to start applications that have been installed or updated by applications in the KL category "Trusted Updaters". The "Trusted updaters" KL category includes updaters for the most reputable software vendors. The rule is disabled by default.
- Operating system and its components. This rule allows all users to start applications in the "Golden Image" KL category. The "Golden Image" KL category includes applications that are required for the operating system to start and function. The rule is enabled by default.
- Virtualization applications. This rule allows all users to start applications in the "Applications for virtualization" KL category. The "Virtualization applications" KL category includes applications intended for virtualization of platforms and resources. The rule is enabled by default.
Managing Application Startup Control rules
You can manage an Application Startup Control rule as follows:
You cannot edit or delete predefined Application Startup Control rules.