Creating an application category that includes executable files from selected folder

Expand all | Collapse all

You can use executable files from a selected folder as a standard of executable files that you want to allow or block in your organization. On the basis of executable files from the selected folder, you can create an application category and use it in the Application Control component configuration.

To create an application category that includes executable files from the selected folder:

1. In the main menu, go to 操作 → 第三方应用程序 → 应用程序类别.

   The page with a list of application categories is displayed.

2. Click the 添加 button.

   The New category wizard starts. Proceed through the wizard by using the Next button.

3. On the 选择策略创建方法 page of the wizard, specify the category name and select the 包含指定文件夹内可执行文件的类别。复制到指定文件夹的应用程序可执行文件被自动处理，它们的度量数据被添加到类别中 option.
4. Specify the folder whose executable files will be used to create the application category.
5. Define the following settings:
   • 包含动态链接库 (DLL) 到该类别

     The application category includes dynamic-link libraries (files in DLL format), and the Application Control component logs the actions of such libraries running in the system. Including DLL files in the category may lower the performance of Kaspersky Security Center.

     By default, this check box is cleared.

   • 包含脚本数据到该类别

     The application category includes data on scripts, and scripts are not blocked by Web Threat Protection. Including the script data in the category may lower the performance of Kaspersky Security Center.

     By default, this check box is cleared.

   • Hash value computing algorithm: 为该类别中的文件计算 SHA-256(在 Kaspersky Endpoint Security 10 Service Pack 2 for Windows 或更新版本中支持) / 为该类别中的文件计算 MD5(在 Kaspersky Endpoint Security 10 Service Pack 2 for Windows 更早版本中支持)

     Depending on the version of the security application installed on devices on your network, you should select an algorithm for hash value computing by Kaspersky Security Center Linux for files in this category. Information about computed hash values is stored in the Administration Server database. Storage of hash values does not increase the database size significantly.

     SHA-256 is a cryptographic hash function: no vulnerabilities have been found in its algorithm, and so it is considered the most reliable cryptographic function nowadays. Kaspersky Endpoint Security for Linux supports SHA-256 computing.

     Select either of the options of hash value computing by Kaspersky Security Center Linux for files in the category:

     • If all instances of security applications installed on your network are Kaspersky Endpoint Security for Linux, select the SHA-256 check box.

     Select the MD5 哈希 check box only if you use Kaspersky Endpoint Security for Windows. Kaspersky Endpoint Security for Linux does not support the MD5 hash function.

     The Calculate SHA-256 for files in this category (supported by Kaspersky Endpoint Security 10 Service Pack 2 for Windows and any later versions) check box is selected by default.

     The Calculate MD5 for files in this category (supported by versions earlier than Kaspersky Endpoint Security 10 Service Pack 2 for Windows) is cleared by default.

   • 强制扫描文件夹以查找更改

     If this option is enabled, the application regularly checks the folder of category content addition for changes. You can specify the frequency of checks (in hours) in the entry field next to the check box. By default, the time interval between forced checks is 24 hours.

     If this option is disabled, the application does not force any checks of the folder. The Server attempts to access files if they have been modified, added, or deleted.

     By default, this option is disabled.

When the wizard finishes, the application category is created. It is displayed in the list of application categories. You can use the application category at Application Control configuration.

For detailed information about Application Control, refer to the Kaspersky Endpoint Security for Linux Help and Kaspersky Endpoint Security for Windows Help.