Kaspersky Embedded Systems Security for Linux
3.3.0
English

Contents

Application Сontrol

During execution of the Application Control task, Kaspersky Embedded Systems Security controls the launching of applications on user devices. This helps reduce the risk of device infection by restricting access to applications. Application launching is regulated by Application Control rules.

Application Control can operate in two modes:

  • Denylist. In this mode Kaspersky Embedded Systems Security allows all users to launch any applications that are not specified in the Application Control rules. This is the default operation mode of the Application Control component.
  • Allowlist. In this mode Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules.

For each Application Control operation mode, separate rules can be created and an action can be specified: apply rules or test rules. Kaspersky Embedded Systems Security performs this action when it detects an attempt to start an application.

The Application Control settings are described in the following table.

Application Control settings

Setting

Description

Enable Application Control

The check box enables the Application Control component.

This check box is cleared by default.

Action on application startup attempt

The action that Kaspersky Embedded Systems Security performs upon detecting an attempt to start an application that matches the configured rules:

  • Apply rules (default value). If you select this option, Kaspersky Embedded Systems Security applies Application Control rules and performs the action specified in the rules.
  • Test rules. If you select this option, Kaspersky Embedded Systems Security tests the rules and generates an event about detection of the applications that match the rules.

Application Control mode

Application Control task operation mode:

  • Allowlist. If you select this option, Kaspersky Embedded Systems Security prevents all users from launching any applications except those specified in the Application Control rules.
  • Denylist (default value). If you select this option, Kaspersky Embedded Systems Security allows all users to launch any applications except those specified in the Application Control rules.

Application Control rules

This group of settings contains the Configure button. Clicking this button opens the Application Control rules window.

Page top

[Topic 246002]

Application Control rules window

The Application Control rules table contains the rules used by the Application Control component. The Application Control rules table is empty by default.

Application Control rules settings

Setting

Description

Category name

The name of the application category that is used by the rule.

Status

Operation status of the Application Control rule:

  • Enabled – the rule is enabled, Application Control applies this rule during operation.
  • Disabled – the rule is disabled and is not used when the Application Control is running.
  • Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.

You can change the rule status in the Add new rule window.

You can add, modify and remove Application Control rules.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Page top
[Topic 246003]

Adding rule window

In this window, you can configure the settings for the created Application Control rule.

Adding the Application Control rule

Setting

Description

Description

Description of the Application Control rule.

Rule status

In the drop-down list, you can select the status of the Application Control rule:

  • Enabled – the rule is enabled, Application Control applies this rule during operation.
  • Disabled – the rule is disabled and is not used when the Application Control is running.
  • Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.

Category

This group of settings contains the Configure button. Clicking this button opens the Application Control categories window.

Access control list

The table contains a list of users or user groups to which the Application Control rule applies, and the types of access assigned to them, and consists of the following columns:

  • Principal name – name of the user or user group to which the Application Control rule applies.
  • Access – access type: Allow access or Block access.

     

You can add, edit, and delete principals.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Page top

[Topic 246004]

Application Control categories window

In this window, you can add a new category or configure the category settings for an Application Control rule.

Kaspersky Embedded Systems Security does not support use of the KL categories of Kaspersky Security Center.

Application Control categories

Setting

Description

Category name

List of the added Application Control categories.

Add

Clicking the button starts the category creation wizard. Follow the instructions of the Wizard.

Edit

Clicking this button opens the category properties window, where you can change the category settings.

Page top

[Topic 246005]

Principal name window

In this window, you can specify a local or domain user or user group for which you want to configure a rule.

Adding the Application Control rule

Setting

Description

Principal type

Principal type to which the rule applies: User or Group.

User or group name

Name of the user or user group to which the Application Control rule applies.

Access

Access type: Allow access or Block access.

Page top

[Topic 246006]