Kaspersky Embedded Systems Security 3.4 for Linux Help

Kaspersky Embedded Systems Security for Linux

Print Support Send link

Configuring Application Control in the Web Console

Configuring Application Control in the Web Console

In the Web Console, you can configure Application Control settings in the policy properties (Application settings → Security Controls→ Application Control)

Application Control component settings

Setting	Description
Application Control enabled / disabled	This toggle switch enables or disables Application Control. The toggle button is switched off by default.
Action on starting applications blocked by rules	The action that Kaspersky Embedded Systems Security performs upon detecting an attempt to start an application that matches the configured rules: Test rules. If you select this option, Kaspersky Embedded Systems Security tests the rules and generates an event about an attempt to start an application that matches the rules. Apply rules (default value). If you select this option, Kaspersky Embedded Systems Security applies Application Control rules and performs the action specified in the rules.
Application Control mode	Application Control task operation mode: Allowlist. If you select this option, Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules or signed with certificates trusted by Application Control. Denylist (default value). If you select this option, Kaspersky Embedded Systems Security allows all users to launch any applications except those specified in the Application Control rules.
Trust applications signed by a trusted certificate / Do not trust applications signed by a trusted certificate	This toggle switch enables or disables the use of the trusted certificate list by Application Control. When the toggle switch is enabled, Application Control in allowlist mode does not block applications that are signed with trusted certificates. This option is available if the Application Control setting is set to Allowlist. The Manage Application Control trusted certificates link opens a window in which you can configure the list of trusted certificates for Application Control.
Application Control rules	Clicking the Configure rules link opens the Application Control rules window.
Applying rules	In the drop-down list, you can select how rules are added: Replace local rules with policy rules. When you select this item, the application applies only the rules specified in the policy. Add policy rules to local rules (default value). When you select this item, the application applies the rules specified in the policy together with the local rules configured on the protected device.

Page top

Application Control rules window

The Application Control rules table has the tabs with the rules for each operation mode: Denylist (active) and Allowlist. Both tabs of the Application Control rules table are empty by default.

Application Control rules settings

Setting	Description
Category	The name of the application category that is used by the rule.
Status	Operation status of the Application Control rule: Enabled – the rule is enabled, Application Control applies this rule during operation. Disabled – the rule is disabled and is not used when the Application Control is running. Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.

Setting

Description

Application Control rule window

In this window, you can configure the settings for the Application Control rule.

Configuring an Application Control rule

Setting	Description
Rule description	Description of the Application Control rule.
Status	You can select the operation status of the Application Control rule: Enabled – the rule is enabled, Application Control applies this rule during operation. Disabled – the rule is disabled and is not used when the Application Control is running. Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.
Category	The Choose category link opens the Application categories window.
Users and their rights	The table contains a list of users or user groups to which the Application Control rule applies, and the types of access assigned to them, and consists of the following columns: User or group name – names of users or names of user groups to which the Application Control rule applies. Access – access type (allow or block launching applications). This toggle button switches access type: Allow launching the applications or Block launching the applications. You can add, edit, and delete users or user groups. Clicking the Delete button removes the selected item from the table. This button is available if at least one item is selected in the table.

Page top

Application categories window

In this window, you can add a new category or configure the category settings for an Application Control rule.

Kaspersky Embedded Systems Security does not support use of the KL categories of Kaspersky Security Center.

Application Control categories

Setting	Description
Category name	Search bar for added application categories.
Add	Clicking the button starts the category creation wizard. Follow the instructions of the Wizard. For details about creating a category, refer to the Kaspersky Security Center Help.
Edit	Clicking this button opens the category properties window, where you can change the category settings. The Golden Image (local) category cannot be edited.
Remove	Clicking the button deletes the selected category. The Golden Image (local) category cannot be deleted.

Page top

Select user or group window

In this window, you can specify a local or domain user or user group for which you want to configure a rule.

Configuring an Application Control rule

Setting	Description
Manually	If this option is selected, in the field below enter the name of the local or domain user or the name of a user group, to which the Application Control rule will apply.
List of users and groups	If this option is selected, in the search field you can enter search criteria for the name of the user or name of the user group, to which the Application Control rule will apply, or you can select the name of the user group in the list below.

Page top

Trusted certificates of Application Control window

You can configure a list of certificates that will be trusted by Application Control. Application Control allows running applications signed by certificates from this list.

The following information is displayed for each certificate:

certificate serial number
certificate subject
certificate issuer
certificate start date
certificate expiration date
SHA256 certificate fingerprint

By default, the certificate list is empty.

You can add and remove certificates.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Adding a trusted certificate window

In this window, you can add a certificate to the list of trusted certificates.

The Add certificate link opens the standard file selection window. Indicate the path to the file that contains the certificate, in DER or PEM format.

After the certificate file is selected, the window displays certificate information and the file path.

Page top

Contents

Configuring Application Control in the Web Console

Application Control rules window

Application Control rule window

Application categories window

Select user or group window

Trusted certificates of Application Control window

Adding a trusted certificate window