Adding event-related executable files to the application category

December 9, 2024

ID 186329

Expand all | Collapse all

After you configure Application Control in the Kaspersky Endpoint Security for Windows policies, the following events will be displayed in the list of events:

  • Application startup prohibited (Critical event). This event is displayed if you have configured Application Control to apply rules.
  • Application startup prohibited in test mode (Info event). This event is displayed if you have configured Application Control to test rules.
  • Message to administrator about application startup prohibition (Warning event). This event is displayed if you have configured Application Control to apply rules and a user has requested access to the application that is blocked at startup.

It is recommended to create event selections to view events related to Application Control operation.

You can add executable files related to Application Control events to an existing application category or to a new application category. You can add executable files only to an application category with content added manually.

To add executable files related to Application Control events to an application category:

  1. In the main menu, go to Monitoring & reporting → Event selections.

    The list of event selections is displayed.

  2. Select the event selection to view events related to Application Control and start this event selection.

    If you have not created event selection related to Application Control, you can select and start a predefined selection, for example, Recent events.

    The list of events is displayed.

  3. Select the events whose associated executable files you want to add to the application category, and then click the Assign to category button.

    The New category wizard starts. Proceed through the wizard by using the Next button.

  4. On the wizard page, specify the relevant settings:
    • In the Action on executable file related to the event section, select one of the following options:
      • Add to a new application category
      • Add to an existing application category
    • In the Rule type section, select one of the following options:
      • Rules for adding to inclusions
      • Rules for adding to exclusions
    • In the Parameter used as a condition section, select one of the following options:
      • Certificate details (or SHA256 hashes for files without a certificate)
      • Certificate details (files without a certificate will be skipped)
      • Only SHA256 (files without a hash will be skipped)
      • Only MD5 (discontinued mode, only for Kaspersky Endpoint Security 10 Service Pack 1 version)
  5. Click OK.

When the wizard finishes, executable files related to the Application Control events are added to the existing application category or to a new application category. You can view settings of the application category that you have modified or created.

For detailed information about Application Control, refer to the following Help topics:

See also:

Using Application Control to manage executable files

');
Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
');
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).