Creating allowing rules from Kaspersky Security Center events

To generate allowing rules for applications from Kaspersky Security Center events in Applications Launch Control:

1. Open the Applications Launch Control rules window.
2. Click the Add button and, in the button’s context menu, select Create allowing rules for applications from Kaspersky Security Center events.
3. Select the principle for adding the rules to the list of previously created Application Launch Control rules:
   • Add to existing rules if you want to add the imported rules to the list of existing rules. Rules with identical settings are duplicated.
   • Replace existing rules if you want to replace the existing rules with the imported rules.
   • Merge with existing rules if you want to add the imported rules to the list of existing rules. Rules with identical settings are not added; the rule is added if at least one rule parameter is unique.

   The Applications launch control rules generation window opens.

4. Configure the following request settings:
   • Administration Server address
   • Port
   • User
   • Password
5. Select the types of events that you want the rule generation task to use:
   • Statistics only mode: application launch denied.
   • Application launch denied.
6. Select the time period from the Request events that were generated within the period drop-down list.
7. Select or clear the Prioritize the use of hash when generating rules check box.

   If the check box is selected, Kaspersky Security for Windows Server uses the checksum of the file to generate the rule when both the checksum and the certificate of the file are available.

   If the check box is cleared, Kaspersky Security for Windows Server uses the digital certificate of the file to generate the rule when both the checksum and the certificate of the file are available.

8. Click the Generate rules button.
9. Click the Save button in the Applications Launch Control rules window.

   The rule list in the Applications Launch Control task will be populated with new rules generated based on system data from the protected device with the Kaspersky Security Center Administration Console installed.

   If the list of Application Launch Control rules is already specified in the policy, Kaspersky Security for Windows Server adds the selected rules from the blocking events to the already specified rules. Rules with the same hash are not added, because all rules in the list must be unique.