Application Control modes and categories
The Application Control component monitors users' attempts to start executable files. You can use Application Control rules to control the startup of executable files.
Application Control component is available for Kaspersky Endpoint Security for Windows and for Kaspersky Endpoint Security for Linux (version 11.2 and later). All the instructions in this section describe configuration of Application Control for Kaspersky Endpoint Security.
Startup of executable files whose settings do not match any of the Application Control rules is regulated by the selected operating mode of the component:
- Denylist. The mode is used if you want to allow the startup of all executable files except those specified in block rules. Denylist mode is selected by default.
- Allowlist. The mode is used if you want to block the startup of all executable files except those specified in allow rules.
The Application Control rules are implemented through categories for executable files. In Kaspersky Security Center Cloud Console there are two types of categories:
- Category with content added manually. You define conditions, for example, file metadata, file hashcode, file certificate, KL category, file path, to include executable files in the category.
- Category that includes executable files from selected devices. You specify a device whose executable files are automatically included in the category.
For detailed information about Application Control, refer to the following Help topics:
- Kaspersky Endpoint Security for Windows Online Help
- Kaspersky Endpoint Security for Linux Online Help
