| Setting | Description | Values |
|---|---|---|
| AppControlMode | Application Control task operation mode. | AllowList – In this mode, Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules or signed with certificates trusted by Application Control.<br>DenyList (default value) – Kaspersky Embedded Systems Security allows users to launch any applications that are not specified in the Application Control rules. |
| UseTrustedCustomCerts | Enable trusted certificates for Application Control. | Yes (default value) – make Application Control use trusted certificates. Application Control in allowlist mode does not block applications that are signed with trusted certificates.<br>You can configure the list of trusted certificates for Application Control using application commands.<br>No – make Application Control ignore the list of trusted certificates. |
| AppControlRulesAction | The action that Kaspersky Embedded Systems Security performs upon detecting an attempt to start an application that matches the configured rules. | ApplyRules (default value) – Kaspersky Embedded Systems Security applies Application Control rules and performs the action specified in the rules.<br>TestRules – Kaspersky Embedded Systems Security tests the rules and generates an event about the detection of an application that matches the rule. |

The [Categories.item_#] section contains the following settings:

| Setting | Description | Values |
|---|---|---|
| Name | Name of the application category to which the rule applies. | |
| UseIncludes | Usage of inclusive conditions to trigger the rule. | Yes – apply the rule to the application if the application meets at least one inclusive condition.<br>No (default value) – do not apply the rule to the application, even if the application meets the inclusive conditions. |
| IncludeFileNames.item_# | Name of the executable file that triggers the rule. | You can use masks to specify the file name. You can use the `*` character (any sequence of characters) or the `?` character (any one character) as the file or directory name mask.<br>You can put the `*` character to represent any set of characters (including an empty set) in a file or directory name that includes the `/` character. For example, `/dir/*/file*/` or `/dir/file*/`.<br>You can put a single `?` character to represent any one character (including `/`) in the file or directory name. |
| IncludeFolders.item_# | Name of the directory with the application's executable file that triggers the rule. | You can use masks to specify the directory name. You can use the `*` character (any sequence of characters) or the `?` character (any one character) as the file or directory name mask.<br>You can put the `*` character to represent any set of characters (including an empty set) in a file or directory name that includes the `/` character. For example, `/dir/*/file*/` or `/dir/file*/`.<br>You can put a single `?` character to represent any one character (including `/`) in the file or directory name. |
| IncludeHashes.item_# | SHA256 hash of the executable file that triggers the rule. | Only SHA256 can be used. |
| UseExcludes | Usage of excluding conditions to trigger the rule. | Yes – do not apply the rule to the application if the application meets at least one exclusive condition or does not meet any of the inclusive conditions.<br>No (default value) – apply the rule to the application, even if the application meets at least one exclusive condition. |
| ExcludeFileNames.item_# | Name of the executable file that triggers the rule. | You can use masks to specify the file name. You can use the `*` character (any sequence of characters) or the `?` character (any one character) as the file or directory name mask.<br>You can put the `*` character to represent any set of characters (including an empty set) in a file or directory name that includes the `/` character. For example, `/dir/*/file*/` or `/dir/file*/`.<br>You can put a single `?` character to represent any one character (including `/`) in the file or directory name. |
| ExcludeFolders.item_# | Name of the directory with the application's executable file that triggers the rule. | You can use masks to specify the directory name. You can use the `*` character (any sequence of characters) or the `?` character (any one character) as the file or directory name mask.<br>You can put the `*` character to represent any set of characters (including an empty set) in a file or directory name that includes the `/` character. For example, `/dir/*/file*/` or `/dir/file*/`.<br>You can put a single `?` character to represent any one character (including `/`) in the file or directory name. |
| ExcludeHashes.item_# | SHA256 hash of the executable file that triggers the rule. | Only SHA256 can be used. |

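The following Python model is an added example, not Kaspersky code: it evaluates which executables a [Categories.item_#] definition would select, following the mask rules and the UseIncludes/UseExcludes descriptions above, so a category can be checked offline before AppControlRulesAction is moved from TestRules to ApplyRules. It assumes file-name masks are compared with the full path and folder masks with the parent directory written with a trailing /; the class names, paths and sample category are constructed for illustration.

```python
import hashlib
import re
from dataclasses import dataclass, field

def mask_match(mask: str, path: str) -> bool:
    # Documented mask semantics: '*' is any sequence (may be empty, may span '/'),
    # '?' is exactly one character (may be '/'); everything else is literal.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask)
    return re.fullmatch(rx, path, re.DOTALL) is not None

@dataclass
class Conditions:
    file_names: list = field(default_factory=list)  # *FileNames.item_#
    folders: list = field(default_factory=list)     # *Folders.item_#
    hashes: list = field(default_factory=list)      # *Hashes.item_# (SHA256 only)

    def hit(self, path: str, sha256: str) -> bool:
        # Assumption: file-name masks see the full path; folder masks see the
        # parent directory with a trailing '/', as in the /dir/file*/ examples.
        folder = path.rsplit("/", 1)[0] + "/"
        return (any(mask_match(m, path) for m in self.file_names)
                or any(mask_match(m, folder) for m in self.folders)
                or sha256 in (h.lower() for h in self.hashes))

@dataclass
class Category:
    name: str
    use_includes: bool = False  # UseIncludes, default No
    includes: Conditions = field(default_factory=Conditions)
    use_excludes: bool = False  # UseExcludes, default No
    excludes: Conditions = field(default_factory=Conditions)

    def covers(self, path: str, content: bytes) -> bool:
        digest = hashlib.sha256(content).hexdigest()
        included = self.use_includes and self.includes.hit(path, digest)
        excluded = self.use_excludes and self.excludes.hit(path, digest)
        return included and not excluded

# Constructed sample category and files, for illustration only.
SAMPLE = Category(
    name="constructed-example",
    use_includes=True,
    includes=Conditions(folders=["/opt/app/*/"],
                        hashes=[hashlib.sha256(b"known-good").hexdigest()]),
    use_excludes=True,
    excludes=Conditions(file_names=["/opt/app/*/debug?"]),
)

if __name__ == "__main__":
    for p in ("/opt/app/bin/tool", "/opt/app/a/b/tool", "/opt/app/bin/debug1", "/tmp/x"):
        print(p, SAMPLE.covers(p, b"payload"))
```

Because `*` spans `/`, the folder mask `/opt/app/*/` in the sample also selects nested directories such as `/opt/app/a/b/`, which is broader than a shell glob would be.
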
The [AllowListRules.item_#] section contains a list of Application Control rules for the AllowList operation mode.
Each [AllowListRules.item_#] section contains the following settings:

| Setting | Description | Values |
|---|---|---|
| Description | Description of the Application Control rule. | |
| AppControlRuleStatus | Operation status of the Application Control rule: | On (default value) – the rule is enabled, Kaspersky Embedded Systems Security applies this rule to Application Control.<br>Off – the rule is not used for Application Control.<br>Test – Kaspersky Embedded Systems Security allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report. |
| Category | Name of the application category for which the rule applies.<br>You can specify the "Golden Image" category. | |

The [AllowListRules.item_#.ACL.item_#] section contains a list of users who are allowed to run applications or blocked from running them.

| Setting | Description | Values |
|---|---|---|
| Access | Access type assigned to a user or user group. | Allow (default value) – allow running applications.<br>Block – deny running applications. |
| Principal | User or user group to which the Application Control rule applies. | `\Everyone` (default value) – the rule applies to all users.<br>`<user name>` – name of the user to whom the rule applies.<br>`@<group name>` – name of the group of users to whom the rule applies. |

The [DenyListRules.item_#] section contains a list of Application Control rules for the DenyList operation mode.
Each [DenyListRules.item_#] section contains the following settings:

| Setting | Description | Values |
|---|---|---|
| Description | Description of the Application Control rule. | |
| AppControlRuleStatus | Operation status of the Application Control rule: | On (default value) – the rule is enabled, Kaspersky Embedded Systems Security applies this rule to Application Control.<br>Off – the rule is not used for Application Control.<br>Test – Kaspersky Embedded Systems Security allows applications covered by the rule to be launched, but logs information about the launch of these applications in the report. |
| Category | Name of the created application category to which the rule applies.<br>You can specify the "Golden Image" list of applications as a category. | |

The [DenyListRules.item_#.ACL.item_#] section contains a list of users who are allowed to run applications or blocked from running them.

| Setting | Description | Values |
|---|---|---|
| Access | Access type assigned to a user or user group. | Allow – allow applications to start.<br>Block (default value) – do not allow applications to start. |
| Principal | User or user group to which the Application Control rule applies. | `\Everyone` (default value) – the rule applies to all users.<br>`<user name>` – name of the user to whom the rule applies.<br>`@<group name>` – name of the group of users to whom the rule applies. |