Adding a trigger condition for an Application Control rule

To add a new trigger condition for an Application Control rule:

  1. Open the application settings window.
  2. In the left part of the window, in the Security Controls section, select the Application Control subsection.

    In the right part of the window, the settings of the Application Control component are displayed.

  3. Select the Enable Application Control check box to make the component settings available for editing.
  4. Do one of the following:
    • If you want to create a new rule and add a trigger condition to it, click the Add button.
    • If you want to add a trigger condition to an existing rule, select the rule in the list of rules and click the Edit button.

    The Application Control rule window opens.

  5. In the Inclusion conditions or Exclusion conditions table, click the Add button.

You can use the drop-down list under the Add button to add various trigger conditions to the rule (please refer to the instructions below).

 

To add a rule trigger condition based on the properties of files in the specified folder:

  1. In the drop-down list under the Add button, select Condition(s) from properties of files in the specified folder.

    The standard Select folder window of Microsoft Windows opens.

  2. In the Select folder window, select a folder that contains the executable files of applications whose properties you want to use as the basis for one or several conditions for triggering a rule.
  3. Click OK.

    The Add condition window opens.

  4. In the Show criterion drop-down list, select the criterion based on which you want to create one or several rule trigger conditions: File hash code, Certificate, KL category, Metadata or Folder path.

    Kaspersky Endpoint Security does not support an MD5 file hash code and does not control startup of applications based on an MD5 hash. An SHA256 hash is used as a rule trigger condition.

  5. If you selected Metadata in the Show criterion drop-down list, select the check boxes opposite the executable file properties that you want to use in the rule trigger condition: File name, File version, Application name, Application version, and Vendor.

    If none of the specified properties are selected, the rule cannot be saved.

  6. If you selected Certificate in the Show criterion drop-down list, select the check boxes opposite the settings that you want to use in the rule trigger condition: Issuer, Principal, and Thumbprint.

    If none of the specified settings are selected, the rule cannot be saved.

    It is not recommended to use only the Issuer and Principal criteria as rule trigger conditions. Use of these criteria is unreliable.

  7. Select the check boxes opposite the names of application executable files whose properties you want to include in the rule trigger conditions.
  8. Click the Next button.

    A list of formulated rule trigger conditions appears.

  9. In the list of formulated rule trigger conditions, select the check boxes opposite the rule trigger conditions that you want to add to the Application Control rule.
  10. Click the Terminate button.

To add a rule trigger condition based on the properties of applications that started on the computer:

  1. In the drop-down list under the Add button, select Condition(s) from properties of started applications.
  2. In the Add condition window, in the Show criterion drop-down list, select the criterion based on which you want to create one or several rule trigger conditions: File hash code, Certificate, KL category, Metadata or Folder path.

    Kaspersky Endpoint Security does not support an MD5 file hash code and does not control startup of applications based on an MD5 hash. An SHA256 hash is used as a rule trigger condition.

  3. If you selected Metadata in the Show criterion drop-down list, select the check boxes opposite the executable file properties that you want to use in the rule trigger condition: File name, File version, Application name, Application version, and Vendor.

    If none of the specified properties are selected, the rule cannot be saved.

  4. If you selected Certificate in the Show criterion drop-down list, select the check boxes opposite the settings that you want to use in the rule trigger condition: Issuer, Principal, and Thumbprint.

    If none of the specified settings are selected, the rule cannot be saved.

    It is not recommended to use only the Issuer and Principal criteria as rule trigger conditions. Use of these criteria is unreliable.

  5. Select the check boxes opposite the names of application executable files whose properties you want to include in the rule trigger conditions.
  6. Click the Next button.

    A list of formulated rule trigger conditions appears.

  7. In the list of formulated rule trigger conditions, select the check boxes opposite the rule trigger conditions that you want to add to the Application Control rule.
  8. Click the Terminate button.

To add a rule trigger condition based on a KL category:

  1. In the drop-down list under the Add button, select Condition(s) "KL category".

    A KL category is a list of applications that have shared theme attributes. The list is maintained by Kaspersky experts. For example, the KL category of "Office applications" includes applications from the Microsoft Office suite, Adobe® Acrobat®, and others.

  2. In the Condition(s) "KL category" window, select the check boxes opposite the names of those KL categories based on which you want to create rule trigger conditions.

    You can click the unfold_key button on the left of the KL category name to selectively mark nested KL categories.

  3. Click OK.

To add a custom rule trigger condition:

  1. In the drop-down list under the Add button, select Custom condition.
  2. In the Custom condition window, click the Select button and specify the path to the application executable file.
  3. Select the criterion based on which you want to create a rule trigger condition: File hash code, Certificate, Metadata or Path to file or folder.

    Kaspersky Endpoint Security does not support an MD5 file hash code and does not control startup of applications based on an MD5 hash. An SHA256 hash is used as a rule trigger condition.

    If you are using a symbolic link in the Path to file or folder field, you are advised to resolve the symbolic link for correct operation of the Application Control rule. To do so, click the Resolve symbolic link button.

  4. Configure the settings of the selected criterion.
  5. Click OK.

To add a rule trigger condition based on information about the drive storing the executable file of an application:

  1. In the drop-down list under the Add button, select Condition by file drive.
  2. In the Condition by file drive window, in the Drive drop-down list, select the type of storage device from which the startup of applications will serve as a rule trigger condition.
  3. Click OK.
Page top