Application Control

The Application Control component monitors user attempts to start applications and regulates the startup of applications by using Application Control rules.

Startup of applications whose settings do not match any of the Application Control rules is regulated by the selected operating mode of the component. Black List mode is selected by default. This mode allows any user to start any application. When a user attempts to start an application that is blocked by Application Control rules, Kaspersky Endpoint Security blocks this application from starting (if the Apply rules action is selected) or saves information about the application startup in a report (if the Test rules action is selected).

All user attempts to start applications are logged in reports.

Application Control component settings

Parameter

Description

Test mode

If the toggle button is switched on, Kaspersky Endpoint Security allows the startup of an application that is blocked in the current Application Control mode, but logs information about its startup in the report.

Control mode

You can choose one of the following options:

  • White List. If this option is selected, Application Control blocks all users from starting any applications, except in cases that satisfy the conditions of Application Control allow rules.
  • Black List. If this option is selected, Application Control allows all users to start any applications, except in cases that satisfy the conditions of Application Control block rules.

When White List mode is selected, two Application Control rules are automatically created:

  • Golden Image.
  • Trusted Updaters.

You cannot edit the settings of or delete automatically created rules. You can enable or disable these rules.

Control DLL and drivers

If the check box is selected, Kaspersky Endpoint Security controls the loading of DLL modules when users attempt to start applications. Information about the DLL module and the application that loaded this DLL module is logged in the report.

When enabling control over which DLL modules and drivers are loaded, make sure that one of the following rules is enabled in the Application Control section: the default Golden Image rule or another rule that contains the Trusted certificates KL category and ensures that trusted DLL modules and drivers are loaded before Kaspersky Endpoint Security is started. Enabling control over the loading of DLL modules and drivers when the Golden Image rule is disabled may cause instability in the operating system.

Kaspersky Endpoint Security monitors only the DLL modules and drivers loaded since the Control DLL and drivers check box was selected. It is recommended to restart the computer after selecting the Control DLL and drivers check box in order for Kaspersky Endpoint Security to monitor all DLL modules and drivers, including those loaded before Kaspersky Endpoint Security starts.

Message templates

  • Message to user. The entry field contains the template of the message that is displayed when an Application Control rule that blocks an application from starting is triggered.
  • Message to administrator. The entry field contains the template of the user's message that is sent to the LAN administrator if the user believes that application startup has been blocked by mistake.
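The way Control mode and Test mode combine, as described in the settings above, can be modelled in a few lines to preview which launches a mode change would stop. This is an added example, not Kaspersky Endpoint Security code: matching rules by executable name, the rule contents, and the sample launches are constructed assumptions, and the model covers only the behaviour stated on this page.

```python
from dataclasses import dataclass

WHITE_LIST, BLACK_LIST = "White List", "Black List"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "block"
    apps: frozenset        # assumption: rules match on executable name only
    enabled: bool = True   # rules can be enabled or disabled

def decide(mode, test_mode, rules, app):
    """Return (started, verdict) for one launch attempt."""
    active = [r for r in rules if r.enabled]
    if mode == WHITE_LIST:
        # Everything is blocked unless an allow rule matches.
        blocked = not any(r.action == "allow" and app in r.apps for r in active)
    else:
        # Everything is allowed unless a block rule matches.
        blocked = any(r.action == "block" and app in r.apps for r in active)
    if not blocked:
        return True, "allowed"
    # Test mode lets the application start but records the would-be block.
    return (True, "would_block") if test_mode else (False, "blocked")

def pilot_report(mode, rules, launches):
    """Applications that start only because Test mode is switched on."""
    return sorted({a for a in launches
                   if decide(mode, True, rules, a)[1] == "would_block"})

# Constructed sample rules and launch attempts (hypothetical contents).
RULES = [
    Rule("Golden Image", "allow", frozenset({"explorer.exe", "notepad.exe"})),
    Rule("Trusted Updaters", "allow", frozenset({"updater.exe"})),
    Rule("No games", "block", frozenset({"game.exe"})),
]
LAUNCHES = ["explorer.exe", "backup-tool.exe", "game.exe",
            "updater.exe", "backup-tool.exe"]

if __name__ == "__main__":
    for mode in (WHITE_LIST, BLACK_LIST):
        print(mode, "would block:", pilot_report(mode, RULES, LAUNCHES))
```

Running the report against launch data collected in Test mode shows which applications still need an allow rule before White List mode is enforced.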

See also: Managing the application via the local interface

Enabling and disabling Application Control

Application Control functionality limitations

Managing Application Control rules

Editing Application Control message templates

Selecting the Application Control mode

Best practices for implementing white list mode
