Selecting the Application Startup Control mode

To select the Application Startup Control mode:

  1. Open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select the Application Startup Control subsection.

    In the right part of the window, the settings of the Application Startup Control component are displayed.

  3. Select the Enable Application Startup Control to make the component settings available for editing.
  4. In the Application Startup Control mode drop-down list, select one of the following options:
    • Black List, if you want to allow the startup of all applications except the applications specified in block rules.
    • White List, if you want to block the startup of all applications except the applications specified in allow rules.

      When this mode is selected, two Application Startup Control rules are created by default: Golden Image and Trusted Updaters. You cannot delete these rules. The settings of these rules cannot be edited. You can enable or disable these rules by selecting or clearing the check box opposite the relevant rule. By default, the Golden Image rule is enabled, and the Trusted Updaters rule is disabled. All users are allowed to start applications that match the trigger conditions of these rules.

    All rules created during the selected mode are saved after the mode is changed so that the rules can be used again. To revert to using these rules, all you have to do is select the necessary mode in the Application Startup Control mode drop-down list.

  5. In the Action drop-down list, select the action to be performed by the component when a user attempts to start an application that is blocked by Application Startup Control rules.
  6. Select the Monitor DLL and drivers check box if you want Kaspersky Endpoint Security to monitor the loading of DLL modules when applications are started by users.

    Information about the module and the application that loaded the module will be saved to a report.

    If the check box is selected, DLL modules and drivers are monitored before Kaspersky Endpoint Security is started. To configure subsequent monitoring of all DLL modules and drivers before application startup, restart the computer after selecting the Monitor DLL and drivers check box. If you are unable to restart the computer, after selecting the Monitor DLL and drivers check box you can load DLL modules and drivers while Kaspersky Endpoint Security is running. In this case, monitoring takes effect only for DLL modules and drivers that are loaded while Kaspersky Endpoint Security is running.

    When monitoring DLL modules and drivers, it is not recommended to use Application Startup Control rules that were created based on KL categories. Determining KL categories (including in the “Operating system and its components” rules) for DLL modules and drivers may not work correctly. In particular, the “Operating system and its components” rule was created by default and is not distributed at DLL module and driver launch. When turning on this function, it is necessary to create separate allow rules for DLL modules and drivers. Using the Control DLL and drivers function if such allow rules do not exist could make the system unstable.

    We recommend password protection be turned on to configure program settings so that it is possible to turn off allow rules blocking the launch of critically important DLL modules and drivers while not changing Kaspersky Security Center policy settings in the process.

  7. To save changes, click the Save button.
Page top