Kaspersky Embedded Systems Security for Linux
- Kaspersky Embedded Systems Security 3.3 for Linux
- Preparing to install the application
- Installing the application
- Deploying the application using the command line
- Installing the application using the command line
- Post-installation configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Enabling automatic configuration of SELinux
- Configuring the update source
- Configuring proxy server settings
- Downloading application databases
- Enabling automatic application database update
- Application activation
- Post-installation configuration of the application in automatic mode
- Settings in the configuration file for post-installation configuration
- Installing and configuring Kaspersky Security Center Network Agent
- Installing Kaspersky Embedded Systems Security administration plug-ins
- Deploying the application using Kaspersky Security Center
- Running the application on Astra Linux in closed software environment mode
- Configuring permissive rules in the SELinux system
- Deploying the application using the command line
- Uninstalling the application
- Application licensing
- Data provision
- Managing the application using the command line
- Starting and stopping the application
- Displaying Help on the commands
- Enabling automatic addition of kess-control commands (bash completion)
- Enabling the display of events
- Viewing information about the application
- Description of the application commands
- Using filters to limit query results
- Exporting and importing application settings
- Setting the application memory usage limit
- User roles
- General application settings
- Managing application tasks using the command line
- View the list of tasks
- Creating a new task
- Editing task settings using a configuration file
- Editing task settings using the command line
- Resetting task settings to their default values
- Starting and stopping a task
- Viewing a task state
- Scheduling a task
- Managing scan scopes from the command line
- Managing exclusion scopes from the command line
- Deleting a task
- Encrypted connections scan
- File Threat Protection task (File_Threat_Protection, ID:1)
- Malware Scan task (Scan_My_Computer, ID:2)
- Custom Scan task (Scan_File, ID:3)
- Critical Areas Scan task (Critical_Areas_Scan, ID:4)
- Update task (Update, ID:6)
- Rollback task (Rollback, ID:7)
- Licensing task (License, ID:9)
- Storage management task (Backup, ID:10)
- System Integrity Monitoring task (System_Integrity_Monitoring, ID:11)
- Firewall Management task (Firewall_Management, ID:12)
- About network packet rules
- About dynamic rules
- About the predefined network zone names
- Firewall Management task settings
- Adding a network packet rule
- Deleting a network packet rule
- Changing the execution priority of a network packet rule
- Adding a network address to a zone section
- Deleting a network address from a zone section
- Anti-Cryptor task (Anti_Cryptor, ID:13)
- Web Threat Protection task (Web_Threat_Protection, ID:14)
- Device Control task (Device_Control, ID:15)
- Removable Drives Scan task (Removable_Drives_Scan, ID:16)
- Network Threat Protection task (Network_Threat_Protection, ID:17)
- Container Scan task (Container_Scan, ID:18)
- Custom Container Scan task (Custom_Container_Scan, ID:19)
- Behavior Detection task (Behavior_Detection, ID:20)
- Application Control task (Application_Control, ID:21)
- Inventory task (Inventory_Scan, ID:22)
- Using Kaspersky Security Network
- Events and reports
- Managing the application using the Administration Console
- Starting and stopping the application on a client device
- Viewing the protection status of a device
- Viewing application settings
- Updating application databases and modules
- Managing policies in the Administration Console
- Policy settings
- File Threat Protection
- Exclusion scopes
- Exclusions by process
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Application Сontrol
- Anti-Cryptor
- System Integrity Monitoring
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container scan settings
- Network settings
- Global exclusions
- Excluding process memory
- Storage settings
- Managing tasks in the Administration Console
- Task settings
- Manually checking the connection with the Administration Server. Klnagchk utility
- Manually connecting to the Administration Server. Klmover utility
- Remote diagnostics of client devices. Kaspersky Security Center remote diagnostics utility
- Remote application administration using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console
- Logging in and out of the Web Console and Cloud Console
- Starting and stopping the application on a client device
- Viewing the protection status of a device
- Updating application databases and modules
- Managing policies in the Web Console
- Policy settings
- Application settings tab
- File Threat Protection
- Scan exclusions
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Anti-Cryptor
- System Integrity Monitoring
- Application Сontrol
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container scan settings
- Network settings
- Global exclusions
- Storage settings
- Managing tasks in the Web Console
- Task settings
- Configuring remote diagnostics of client devices
- Managing application using graphical user interface
- Application components integrity check
- Contact Technical Support
- Appendices
- Appendix 1. Resource consumption optimization
- Appendix 2. Application configuration files
- Application settings configuration files
- Rules for editing application task configuration files
- File Threat Protection task configuration file
- Configuration file for the Malware Scan task
- Custom Scan task configuration file
- Critical Areas Scan task configuration file
- Update task configuration file
- Storage management task configuration file
- System Integrity Monitoring task configuration file
- Firewall Management task configuration file
- Anti-Cryptor task configuration file
- Web Threat Protection task configuration file
- Device Control task configuration file
- Removable Drives Scan task configuration file
- Network Threat Protection task configuration file
- Container Scan task configuration file
- Behavior Detection task configuration file
- Application Control task configuration file
- Inventory task configuration file
- Appendix 3. Command line return codes
- Sources of information about the application
- Glossary
- Active key
- Active policy
- Administration group
- Administration Server
- Application activation
- Application databases
- Application settings
- Database of malicious web addresses
- Database of phishing web addresses
- Exclusion
- False positive
- File mask
- Group policy
- Group task
- Infected object
- Kaspersky update servers
- License
- License certificate
- Object disinfection
- Policy
- Proxy server
- Reserve key
- Startup objects
- Subscription
- Trusted device
- Trusted zone
- Information about third-party code
- Trademark notices
Application Control task (Application_Control, ID:21)
During execution of the Application Control task, Kaspersky Embedded Systems Security controls the launching of applications on user devices. This helps reduce the risk of device infection by restricting access to applications. Application launching is regulated by Application Control rules.
The Application Control task can operate in two modes:
- Denylist. In this mode Kaspersky Embedded Systems Security allows all users to launch any applications that are not specified in the Application Control rules. This is the default operation mode of the Application Control task.
- Allowlist. In this mode Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules.
Thus, if the Application Control rules are created to the fullest extent possible, Kaspersky Embedded Systems Security prohibits the launching of all new applications that are not verified by the administrator of the organization's local network, but ensures the performance of the operating system and verified applications that users need to perform their job duties.
The Kaspersky Security Center administrator or a local user with the admin role assigned in the application can control process start under the root account with the help of Application Control.
For each operation mode of the Application Control task, separate rules can be created and an action can be specified: apply rules or test rules. Kaspersky Embedded Systems Security performs this action when it detects an attempt to start an application on a user device.
If you change the list of allowed applications or prohibit the launch of all applications or applications affecting Kaspersky Embedded Systems Security's operation, then when modifying the task settings using the configuration file or using the command line, run the --set-settings command with the --accept flag.
Kaspersky Embedded Systems Security supports the following interpreters: python, perl, bash, ssh.
The Application Control task does not control the launching of scripts from interpreters that are not supported by Kaspersky Embedded Systems Security, or the launching of scripts that are not passed to the interpreter via the command line. If the interpreter is allowed to launch by the Application Control rules, Kaspersky Embedded Systems Security does not block the script launched from this interpreter. If the launch of at least one script specified in the interpreter command line is prohibited by the Application Control rules, Kaspersky Embedded Systems Security blocks all the scripts specified in the interpreter command line. Exclusion: cat script.py | python.
|
In this Help section About Application Control rules |