- Kaspersky Endpoint Security 11.2.0 for Linux
- What's new
- Installing the application
- Installing Kaspersky Endpoint Security using the command line
- Initial configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Configuring the update source
- Configuring proxy server settings
- Downloading application databases
- Enabling automatic application database update
- Application activation
- Initial configuration of the application in automatic mode
- Settings of the Kaspersky Endpoint Security initial setup configuration file
- Installing Network Agent using the command line
- Initial configuration of the Network Agent using the command line
- About Kaspersky Endpoint Security administration web plug-in
- Installing Kaspersky Endpoint Security via Kaspersky Security Center
- Installing Kaspersky Endpoint Security using the Web Console
- Getting started using Kaspersky Security Center
- Activating the application using Kaspersky Security Center
- Running the application on Astra Linux in closed software environment mode
- Configuring permissive rules in the SELinux system
- Updating the application from a previous version
- Uninstalling the application
- Application licensing
- About providing and processing data
- Managing the application using the command line
- Starting and stopping the application
- Displaying Help on the commands
- Enabling the display of events
- Viewing information about the application
- Description of the application commands
- Using filters to limit query results
- Exporting and importing application settings
- Setting the application memory usage limit
- Application components integrity check
- General application settings
- Encrypted connections scan
- User roles
- Managing application tasks using the command line
- View the list of tasks
- Creating a new task
- Editing task settings using a configuration file
- Editing task settings using the command line
- Resetting task settings to their default values
- Starting and stopping a task
- Managing scan scopes from the command line
- Managing exclusion scopes from the command line
- Viewing a task state
- Scheduling a task
- Deleting a task
- File Threat Protection task (File_Threat_Protection, ID:1)
- Virus Scan task (Scan_My_Computer, ID:2)
- Custom Scan task (Scan_File, ID:3)
- Critical Areas Scan task (Critical_Areas_Scan, ID:4)
- Update task (Update, ID:6)
- Rollback task (Rollback, ID:7)
- Licensing task (License, ID:9)
- Storage management task (Backup, ID:10)
- System Integrity Monitoring task (System_Integrity_Monitoring, ID:11)
- Firewall Management task (Firewall_Management, ID:12)
- About network packet rules
- About dynamic rules
- About the predefined network zone names
- Firewall Management task settings
- Adding a network packet rule
- Deleting a network packet rule
- Changing the execution priority of a network packet rule
- Adding a network address to a zone section
- Deleting a network address from a zone section
- Anti-Cryptor task (Anti_Cryptor, ID:13)
- Web Threat Protection task (Web_Threat_Protection, ID:14)
- Device Control task (Device_Control, ID:15)
- Removable Drives Scan task (Removable_Drives_Scan, ID:16)
- Network Threat Protection task (Network_Threat_Protection, ID:17)
- Container Scan task (Container_Scan, ID:18)
- Custom Container Scan task (Custom_Container_Scan, ID:19)
- Behavior Detection task (Behavior_Detection, ID:20)
- Application Control task (Application_Control, ID:21)
- Inventory Scan task (Inventory_Scan, ID:22)
- Participating in Kaspersky Security Network
- Integration with Kaspersky Managed Detection and Response
- KESL container
- Events and reports
- Managing the application using Kaspersky Security Center Administration Console
- Starting and stopping the application on a client device
- Viewing the protection status of a device
- Viewing application settings
- Updating application databases and modules
- Managing policies in the Administration Console
- Policy settings
- File Threat Protection
- Exclusion scopes
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Application Control
- Anti-Cryptor
- System Integrity Monitoring
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container Scan settings
- Managed Detection and Response
- Network settings
- Global exclusions
- Storage settings
- Managing tasks in the Administration Console
- Task settings
- Configuring integration with Kaspersky Managed Detection and Response
- Configuring KESL container settings
- Manually checking the connection with the Administration Server. Klnagchk utility
- Manually connecting to the Administration Server. Klmover utility
- Remote application administration using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console
- Logging in and out of the Web Console and Cloud Console
- Starting and stopping the application on a client device
- Updating application databases and modules
- Viewing the protection status of a device
- Managing policies in the Web Console
- Policy settings
- Application settings tab
- File Threat Protection
- Scan exclusions
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Anti-Cryptor
- System Integrity Monitoring
- Application Control
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container Scan settings
- Managed Detection and Response
- Network settings
- Global exclusions
- Storage settings
- Managing tasks in the Web Console
- Task settings
- Virus Scan. Scan settings section
- Virus Scan. Scan scopes section
- Virus Scan. Exclusion scopes section
- Critical Areas Scan. Scan settings section
- Critical Areas Scan. Scan scopes section
- Critical Areas Scan. Exclusion scopes section
- System Integrity Check. Scan settings section
- System Integrity Check. Exclusion scopes section
- Container Scan. Scan settings section
- Container Scan. Exclusion scopes section
- Add Key
- Update. Database update source section
- Update. Settings section
- Rollback
- Inventory. Scan settings section
- Inventory. Exclusion scopes section
- Configuring integration with Kaspersky Managed Detection and Response
- Configuring KESL container settings
- Managing application using graphical user interface
- Contact Technical Support
- Appendices
- Appendix 1. Resource consumption optimization
- Appendix 2. Default task configuration files
- Rules for editing application task configuration files
- File Threat Protection task configuration file
- Virus Scan task configuration file
- Custom Scan task configuration file
- Critical Areas Scan task configuration file
- Update task configuration file
- Storage management task configuration file
- System Integrity Monitoring task configuration file
- Firewall Management task configuration file
- Anti-Cryptor task configuration file
- Web Threat Protection task configuration file
- Device Control task configuration file
- Removable Drives Scan task configuration file
- Network Threat Protection task configuration file
- Container Scan task configuration file
- Inventory Scan task configuration file
- Application Control task configuration file
- Appendix 3. Command line return codes
- Appendix 4. Managing KESL container using REST API
- Appendix 5. Configuring interaction with Kaspersky Anti-Virus for Linux Mail Server
- Sources of information about the application
- Glossary
- Active key
- Active policy
- Administration group
- Administration Server
- Application activation
- Application databases
- Application settings
- Backup
- Database of malicious web addresses
- Database of phishing web addresses
- Exclusion
- False positive
- File mask
- Group policy
- Group task
- Infected object
- Kaspersky update servers
- License
- License certificate
- Object disinfection
- Policy
- Proxy server
- Reserve key
- Startup objects
- Subscription
- Trusted device
- Trusted zone
- Information about third-party code
- Trademark notices
Application Control task (Application_Control, ID:21) > About Application Control rules
About Application Control rules
About Application Control rules
An Application Control rule is a set of parameters required for the Application Control task to work:
- Assignment of an application to an application category. An application category is a group of applications with common characteristics. For example, a category that includes executable files of installed applications, or a category of applications required for operation, which includes a standard set of applications used by the organization. Each category can only be used in one rule. KL categories usage is not supported in Kaspersky Security Center.
- Permission or prohibition for selected users or user groups to run applications. You can specify a user or user group that is allowed or not allowed to run applications of the specified category.
- Rule triggering condition. A condition is represented by the following correspondence: "condition type – condition criterion – condition value". Based on the rule triggering condition, Kaspersky Endpoint Security applies or does not apply the rule to the application. The rules use inclusive and exclusive conditions:
- Inclusive conditions. Kaspersky Endpoint Security applies the rule to the application if the application meets at least one inclusive condition.
- Exclusive conditions. Kaspersky Endpoint Security does not apply the rule to the application if the application meets at least one exclusive condition or does not meet any of the inclusive conditions.
Rule triggering conditions are created using the following criteria:
- Name of the application's executable file.
- Name of the directory with the application's executable file.
- Hash (SHA-256) of the application executable file.
For each criterion used in the condition, a value must be specified.
You can use masks to specify the names of files and directories.
You can use the
*(asterisk) character to create a file or directory name mask.You can indicate a single
*character to represent any set of characters (including an empty set) preceding the/character in the file or directory name. For example,/dir/*/fileor/dir/*/*/file.You can indicate two consecutive
*characters to represent any set of characters (including an empty set and the/character) in the file or directory name. For example,/dir/**/file*/or/dir/file**/.The
**mask can be used only once in a directory name. For example,/dir/**/**/fileis an incorrect mask.To exclude the mount point
/dir, you need to specifically indicate/dir(no asterisk).The mask
/dir/*excludes all mount points at the level below/dirbut not/diritself. The/dir/**mask excludes all mount points below the level of/dirbut not/diritself.You can use a single
?character to represent any one character in the file or directory name.If the settings of the application being launched match the values of the criteria specified in the inclusive condition, the rule is triggered. In this case, Application Control performs the action specified in the rule. If application settings match the values of the criteria specified in the exclusive condition, Application Control does not control the application launch.
For each operation mode of the Application Control task, separate rules must be created and an action must be specified: apply rules or test rules. The Application Control task performs this action when it detects an attempt to start an application.
The Application control rules have three operation statuses:
- Enabled – the rule is enabled, Kaspersky Endpoint Security applies this rule when the Application Control task is running.
- Disabled – the rule is disabled and is not used when the Application Control task is running.
- Test – Kaspersky Endpoint Security allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.
The priority of the rule operation status is higher than the priority of the action specified in the rule.
Article ID: 198033, Last review: Jul 8, 2024