Configuring Application Control in the Kaspersky Endpoint Security for Windows policy
After you create Application Control categories, you can use them for configuring Application Control in Kaspersky Endpoint Security for Windows policies.
To configure Application Control in the Kaspersky Endpoint Security for Windows policy:
- In the main menu, go to Assets (Devices) → Policies & profiles.
A page with a list of policies is displayed.
- Click Kaspersky Endpoint Security for Windows policy.
The policy settings window opens.
- Go to Application settings → Security Controls → Application Control.
The Application Control window with Application Control settings is displayed.
- The Application Control option is enabled by default. Switch the toggle button Application Control DISABLED to disable the option.
- In the Application Control Settings block settings, enable the operation mode to apply the Application Control rules and allow Kaspersky Endpoint Security for Windows to block startup of applications.
If you want to test the Application Control rules, in the Application Control Settings section, enable test mode. In test mode, Kaspersky Endpoint Security for Windows does not block startup of applications, but logs information about triggered rules in the report. Click the View report link to view this information.
- Enable the Control DLL modules load option if you want Kaspersky Endpoint Security for Windows to monitor the loading of DLL modules when applications are started by users.
Information about the module and the application that loaded the module will be saved to a report.
Kaspersky Endpoint Security for Windows monitors only the DLL modules and drivers loaded after the Control DLL modules load option is selected. Restart the computer after selecting the Control DLL modules load option if you want Kaspersky Endpoint Security for Windows to monitor all DLL modules and drivers, including those loaded before Kaspersky Endpoint Security for Windows is started.
- (Optional) In the Message templates block, change the template of the message that is displayed when an application is blocked from starting and the template of the email message that is sent to you.
- In the Application Control Mode block settings, select the Denylist or Allowlist mode.
By default, the Denylist mode is selected.
- Click the Rules Lists Settings link.
The Denylists and allowlists window opens to let you add an application category. By default, the Denylist tab is selected if the Denylist mode is selected, and the Allowlist tab is selected if the Allowlist mode is selected.
- In the Denylists and allowlists window, click the Add button.
The Application Control rule window opens.
- Click the Please choose a category link.
The Application Category window opens.
- Add the application category (or categories) that you created earlier.
You can edit the settings of a created category by clicking the Edit button.
You can create a new category by clicking the Add button.
You can delete a category from the list by clicking the Delete button.
- After the list of application categories is complete, click the OK button.
The Application Category window closes.
- In the Application Control rule window, in the Subjects and their rights section, create a list of users and groups of users to apply the Application Control rule.
- Click the OK button to save the settings and to close the Application Control rule window.
- Click the OK button to save the settings and to close the Denylists and allowlists window.
- Click the OK button to save the settings and to close the Application Control window.
- Close the window with the Kaspersky Endpoint Security for Windows policy settings.
Application Control is configured. After the policy is propagated to the client devices, the startup of executable files is managed.
For detailed information about Application Control, refer to the following Help topics:
- Kaspersky Endpoint Security for Windows Online Help
- Kaspersky Endpoint Security for Linux Online Help