Configuring Software Distribution Control

Support

Support for business applications

Kaspersky Security 11.x for Windows Server

Applications Launch Control

Managing Applications Launch Control via the Administration Plug-in

Configuring Software Distribution Control

June 10, 2022

ID 146674

Save as PDF

To add a trusted distribution package:

Open the Applications Launch Control window.
On the Software Distribution Control tab, select the Automatically allow software distribution via applications and packages listed check box.
The check box enables and disables automatic creation of exclusions for all files started using the distribution packages specified in the list.

If the check box is selected, the application automatically allows files in the trusted distribution packages to start. The list of applications and distribution packages allowed to start can be edited.

If the check box is cleared, the application does not apply the exclusions specified in the list.

The check box is cleared by default.

You can select the Automatically allow software distribution via applications and packages listed, if the Apply rules to executable files check box in the General tab is selected in the Applications Launch Control task settings.
Clear the Always allow software distribution via Windows Installer check box if required.
The check box enables and disables automatic creation of exclusions for all files executed via Windows Installer.

If the check box is selected, files installed via Windows Installer will always be allowed to start.

If the check box is cleared, files will not be allowed to start unconditionally, even if they are started via Windows Installer.

The check box is selected by default.

The check box is not editable if the Automatically allow software distribution via applications and packages listed check box is not selected.

Clearing the Always allow software distribution via Windows Installer check box is only recommended if it is absolutely necessary. Turning off this function may cause issues with updating operating system files and also prevent the launch of files extracted from a distribution package.
If required, select the Always allow software distribution via SCCM using the Background Intelligent Transfer Service check box.
The check box turns on or off automatic software distribution using the System Center Configuration Manager.

If the check box is selected, Kaspersky Security for Windows Server automatically allows Microsoft Windows deployment using the System Center Configuration Manager. The application allows software distribution only via the Background Intelligent Transfer Service.

The application controls start of objects with the following extensions:
- .exe
- .msi
The check box is cleared by default.
The application controls the software distribution cycle on the protected device — from package delivery to installation or update. The application does not control processes if any stage of distribution was performed before installation of the application on the protected device.
To edit the list of trusted distribution packages, click Change packages list and select one of the following methods in the window that opens:
- Add one distribution package.
  1. Click the Browse button.
  2. Select the executable file or distribution package.
    The Trusting criteria section is automatically populated with data about the selected file.
  3. Clear or select the Allow the further distribution of programs created from this distribution package check box.
  4. Select one of two available options for criteria to use to determine whether a file or distribution package is trusted:
    - Use digital certificate
    - Use SHA256 hash
- Add several packages by hash.
  You can select an unlimited number of executable files and distribution packages, and add them to the list all at the same time. Kaspersky Security for Windows Server examines the hash and allows the operating system to launch the specified files.
- Change selected package.
  Use this option to select a different executable file or distribution package, or to change the trust criteria.
- Import distribution packages list from file.
  You can import the list of trusted distribution packages from a configuration file. To be recognized by Kaspersky Security for Windows Server, such a file must satisfy the following parameters:
  - The file extension is TXT.
  - The file contains information structured as a list of lines, where each line includes data for one of the trusted files.
  - The file must contain a list in one of the following formats:
    - <file name>:<SHA256 hash>.
    - <SHA256 hash>*<file name>.
  In the Open window, specify the configuration file containing a list of trusted distribution packages.
If you want to remove a previously added application or distribution package for the trusted list, click the Delete distribution packages button. Extracted files will be allowed to run.
To prevent extracted files from starting, uninstall the application on the protected device or create a denying rule in the Applications Launch Control task settings.
Click OK.

Your newly configured settings are saved.

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats

Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.