Kaspersky Embedded Systems Security 3.4 for Linux Help

Kaspersky Embedded Systems Security for Linux

Print Support Send link

Configuring Application Control in the Administration Console

Configuring Application Control in the Administration Console

In the Administration Console, you can configure Application Control settings in the policy properties (Security Controls→ Application Control).

Application Control component settings

Setting	Description
Enable Application Control	The check box enables the Application Control component. This check box is cleared by default.
Action on application startup attempt	The action that Kaspersky Embedded Systems Security performs upon detecting an attempt to start an application that matches the configured rules: Apply rules (default value). If you select this option, Kaspersky Embedded Systems Security applies Application Control rules and performs the action specified in the rules. Test rules. If you select this option, Kaspersky Embedded Systems Security tests the rules and generates an event about an attempt to start an application that matches the rules.
Application Control mode	Application Control task operation mode: Allowlist. If you select this option, Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules or signed with certificates trusted by Application Control. Denylist (default value). If you select this option, Kaspersky Embedded Systems Security allows all users to launch any applications except those specified in the Application Control rules.
Trust applications signed by a trusted certificate	This check box enables or disables the use of the trusted certificate list by Application Control. When the check box is selected, Application Control in allowlist mode does not block applications that are signed with trusted certificates. This check box is available if the Application Control setting is set to Allowlist. The Configure button opens a window in which you can configure the list of trusted certificates for Application Control.
Application Control rules	This group of settings contains the Configure button. Clicking this button opens the Application Control rules window.
Applying rules	In the drop-down list, you can select how rules are added: Replace local rules with policy rules. When you select this item, the application applies only the rules specified in the policy. Add policy rules to local rules (default value). When you select this item, the application applies the rules specified in the policy together with the local rules configured on the protected device.

Page top

Application Control rules window

The Application Control rules table contains the rules used by the Application Control component. The Application Control rules table is empty by default.

Application Control rules settings

Setting	Description
Category name	The name of the application category that is used by the rule.
Status	Operation status of the Application Control rule: Enabled – the rule is enabled, Application Control applies this rule during operation. Disabled – the rule is disabled and is not used when the Application Control is running. Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report. You can change the rule status in the Add new rule window.

Setting

Description

Category name

The name of the application category that is used by the rule.

Status

Operation status of the Application Control rule:

Enabled – the rule is enabled, Application Control applies this rule during operation.
Disabled – the rule is disabled and is not used when the Application Control is running.
Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.

You can change the rule status in the Add new rule window.

You can add, modify and remove Application Control rules.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Page top

Adding rule window

In this window, you can configure the settings for the Application Control rule.

Adding the Application Control rule

Setting	Description
Description	Description of the Application Control rule.
Rule status	In the drop-down list, you can select the status of the Application Control rule: Enabled – the rule is enabled, Application Control applies this rule during operation. Disabled – the rule is disabled and is not used when the Application Control is running. Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.
Category	The group of settings contains the Configure button. Clicking this button opens the Application categories window.
Users and their rights	The table contains a list of users or user groups to which the Application Control rule applies, and the types of access assigned to them, and consists of the following columns: User or group name – names of users or names of user groups to which the Application Control rule applies. Access – the type of access: Allow launching the applications or Block launching the applications. You can add, edit, and delete users or user groups. Clicking the Delete button removes the selected item from the table. This button is available if at least one item is selected in the table.

Page top

Application categories window

In this window, you can add a new category or configure the category settings for an Application Control rule.

Kaspersky Embedded Systems Security does not support use of the KL categories of Kaspersky Security Center.

Application Control categories

Setting	Description
Category name	List of the added Application Control categories.
Add	Clicking the button starts the category creation wizard. Follow the instructions of the Wizard. For details about creating a category, refer to the Kaspersky Security Center Help.
Edit	Clicking this button opens the category properties window, where you can change the category settings. The Golden Image (local) category cannot be edited.

Setting

Description

Category name

List of the added Application Control categories.

Add

Clicking the button starts the category creation wizard. Follow the instructions of the Wizard.

For details about creating a category, refer to the Kaspersky Security Center Help.

Edit

Clicking this button opens the category properties window, where you can change the category settings. The Golden Image (local) category cannot be edited.

Page top

User or group window

In this window, you can specify a local or domain user or user group for which you want to configure a rule.

Adding the Application Control rule

Setting	Description
Type	The User or Group to which the Application Control rule applies.
User or group name	Name of the user or user group to which the Application Control rule applies.
Access	Access type: Allow launching the applications or Block launching the applications.

Page top

Trusted certificates of Application Control window

You can configure a list of certificates that will be trusted by Application Control. Application Control allows running applications signed by certificates from this list.

The following information is displayed for each certificate:

certificate subject
certificate serial number
certificate issuer
certificate start date
certificate expiration date
SHA256 certificate fingerprint

By default, the certificate list is empty.

You can add and remove certificates.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Page top

Adding certificate window

In this window, you can add a certificate to the trusted certificate list in one of the following ways:

Indicate the path to the certificate file. The Browse button opens the standard file selection window. Indicate the path to the file that contains the certificate, in DER or PEM format.
Copy the contents of the certificate file to the Enter certificate details field.

Page top

Contents

Configuring Application Control in the Administration Console

Application Control rules window

Adding rule window

Application categories window

User or group window

Trusted certificates of Application Control window

Adding certificate window