Creating allowing rules from Applications Launch Control task events
To create a configuration file that contains allowing rules generated from Applications Launch Control task events:
- Start the Applications Launch Control task in Statistics only mode to record information about all applications launches on a protected device in the task log.
- After the task finishes running in Statistics only mode, open the task log by clicking the Open task log button in the Management section of the Applications Launch Control node's detail pane.
- In the Logs window, click Generate rules based on events.
Kaspersky Security for Windows Server will generate an XML configuration file containing a rule list based on events of the Applications Launch Control task in Statistics only mode. You can apply this rule list in the Applications Launch Control task.
Before applying the rule list generated from the logged task events, we recommend that you review and manually process the list to be certain that the launch of critical files (for example, system files) is allowed by the specified rules.
All task events are recorded in the task log regardless of the task mode. You can generate a configuration file with a rule list based on the log created while the task is running in Active mode. This scenario is not recommended except for urgent cases, because a final rule list must be generated before the task is run in Active mode in order to make it efficient.
