Adding event-related executable files to the application category
After you configure Application Control in the Kaspersky Endpoint Security for Windows policies, the following events will be displayed in the list of events:
- Application startup prohibited (Critical event). This event is displayed if you have configured Application Control to apply rules.
- Application startup prohibited in test mode (Info event). This event is displayed if you have configured Application Control to test rules.
- Message to administrator about application startup prohibition (Warning event). This event is displayed if you have configured Application Control to apply rules and a user has requested access to the application that is blocked at startup.
It is recommended to create event selections to view events related to Application Control operation.
You can add executable files related to Application Control events to an existing application category or to a new application category. You can add executable files only to an application category with content added manually.
To add executable files related to Application Control events to an application category:
- In the main menu, go to Monitoring & reporting → Event selections.
The list of event selections is displayed.
- Select the event selection to view events related to Application Control and start this event selection.
If you have not created event selection related to Application Control, you can select and start a predefined selection, for example, Recent events.
The list of events is displayed.
- Select the events whose associated executable files you want to add to the application category, and then click the Assign to category button.
The New category wizard starts. Proceed through the wizard by using the Next button.
- On the wizard page, specify the relevant settings:
- In the Action on executable file related to the event section, select one of the following options:
- In the Rule type section, select one of the following options:
- Rules for adding to inclusions
- Rules for adding to exclusions
- In the Parameter used as a condition section, select one of the following options:
- Click OK.
When the wizard finishes, executable files related to the Application Control events are added to the existing application category or to a new application category. You can view settings of the application category that you have modified or created.
For detailed information about Application Control, refer to the following Help topics:
- Kaspersky Endpoint Security for Windows Online Help
- Kaspersky Endpoint Security for Linux Online Help