Application Control - Kaspersky Lab

Small Office Security 2 

Application Control

Kaspersky Small Office Security 2 

Table of content 

Table of content ............................................................................................................................... 1 

Application control ........................................................................................................................ 2 

What is Application Control ....................................................................................................... 2 

Enabling/Disabling Application Control ...................................................................................... 2 

Placing applications into groups ................................................................................................ 3 

Viewing activity of applications .................................................................................................. 7 

Modifying a trust group for an application .................................................................................. 8 

Application control rules .......................................................................................................... 10 

Changing the group rule ....................................................................................................... 10 

Editing application rules ....................................................................................................... 13 

Creating a network rule for an application (Firewall) ............................................................ 15 

Editing storage time for rules................................................................................................ 17 

Setting of restrictions of parental process ............................................................................ 19 

Configuring exclusions ......................................................................................................... 21 

Protecting personal data .......................................................................................................... 23 

1 | 28


Application control 

What is Application Control 

KSOS 2 prevents applications from performing actions that may be dangerous for the system, and 

ensures control of access to operating system resources and your identity data with the help of the 

following tools: 

► Application Control. The component tracks actions in the system performed by 

applications installed on the computer, and regulates them based on the rules of 

Application Control. These rules regulate potentially dangerous activity, including 

applications' access to protected resources. 

► Protection of identity data and operating system resources. Application control 

monitors the rights of applications to perform actions with user’s identity data. The 

following objects refer to identity data: files, folders and registry keys which contain 

operation settings and vital data of the most frequently used applications, user’s files 

(the My Documents folder, cookies files, and data of the user activity). 

Enabling/Disabling Application Control 

By default, Application Control is enabled, functioning in the mode developed by Kaspersky 

Lab specialists. However, you can disable it, if required. 

To enable or disable Application Control, perform the following steps: 

1. Open the main application window. 

2. In the top part window select the Protection tab. 

3. In the right top part of the main application window click the Settings link. 

4. In the left part of the Settings window select the Security Zone component. 

5. In the right part of the window: 

• Uncheck the Enable Security Zone box, if you need to disable the component. 

• Check the Enable Security Zone box, if you need to enable the component. 

2 | 28


6. In the lower part of the Settings window click the Apply button. 

Placing applications into groups 

At the first startup of an application on the computer, the Application Control component verifies 

its safety and searches the internal database of known applications for a matching entry, and then 

sends a request to the Kaspersky Security Network 1 database or having a digital signature 2 

. 

After search Application Control places the application into one of the following trusted groups: 

► Trusted. Trusted applications are applications with digital signatures of trusted vendors and 

applications signatures of those are included to the trusted applications database. 

Applications of that group are allowed to perform any network activity. Activities of such 

applications are monitored by Proactive Defense and File Anti-Virus. 

► Low Restricted. Low restricted applications are applications which are without digital 

signatures of trusted vendors and which are not included to the trusted applications 

database. Nevertheless, the low risk rating 3 

. is assigned to such applications. Applications 

of that group are allowed to perform some operations, to manage the system, hidden 

access to the network. Most operations require user authorization. 

► High Restricted. High restricted applications are applications without digital signatures and 

which are not included to the trusted applications database. The high risk rating is assigned 

to such applications. Applications of this group require user authorization for most activities 

in the system; some actions, however, are restricted for these applications. 

1 Kaspersky Security Network is a system which allows to get information about files opened by the user on the 

computer and thus tracks malicious objects and their spreading channels. 

2 Digital signature is an electronic security mark which carries the information about the software vendor and shows if 

the software was changed after the signing (i.e. after release). If software is signed by its vendor and the signature 

authenticity is verified by the certificate center, then you can be sure that the software is authentic and was not. 

16 Risk rating is an indicator of the application danger for the system. The risk rating is calculated based on definite 

criteria. 

3 | 28


► Untrusted. Untrusted applications are applications without digital signatures and which are 

not included to the trusted applications database. Very high risk rating is assigned to such 

applications. Application Control blocks any activity of such applications. 

To disable the automatic inclusion of applications into the Trusted group, perform the following 

actions: 


2. In the right part of the window in the Trusted applications section uncheck the boxes 

Applications with digital signature and Trusted in Kaspersky Security Network 

database. 

3. In the Settings window click the Apply button. 

If an application record is not included into Kaspersky Security Network database and the 

application does not have a digital signature, then KSOS 2 uses the heuristic analysis 4 

. The 

analysis helps defining the threat rating of the application based on which it is included into a 

group. 

To use the heuristic analysis for distributing unknown applications by groups, perform the following 

actions: 


2. In the right part of the window in the Trusted applications section select the Use heuristic 

analyzer to define the group option. 

3. Click the Apply button in the right bottom corner of the window. 

4 Heuristic analysis is analysis of objects activity in the system. If the activity is typical of malicious objects in this 

case the object under analysis will be defined as suspicious or malicious. Analysis of the object activity allows to 

detect a virus even if it has not been defined by virus analysts. 

4 | 28


Instead of using the heuristic analysis, you can specify a group into which KSOS 2 should 

automatically include all unknown applications. For this, perform the following actions: 


2. In the Trusted applications section select the Automatically move to group option and in 

the drop-down menu select the necessary group: 

► Low Restricted 

► High Restricted 

► Untrusted 

3. Click the Apply button in the right bottom corner of the window. 

5 | 28


By default, Application Control analyzes an application for 30 seconds. If this time interval turns 

out to be insufficient for defining the threat rating, the application is included into the Low 

restricted group, while defining the threat rating continues in background mode. After that, the 

application is finally included into another group. If you are sure that all applications started on 

your computer do not pose any threat to its security, you can decrease the time spent on analysis. 

If, on the contrary, you are installing the software and are not sure that this is safe, you are 

advised to increase the time for analysis. 

To change the time allowed for calculation of the application group, perform the following actions: 


2. In the Additional section edit the value of the Maximum time to define the application 

group setting. 

3. In the right bottom corner of the window click the Apply button. 

6 | 28


Viewing activity of applications 

You can view information about all applications being used on your computer and all processes 

being currently run. For this, perform the following actions: 


2. In the main application window select the Security Zone tab. 

3. In the Application Control section in the right part of the window click the Applications 

Activity link. 

7 | 28


4. For the sake of convenience all applications are divided into categories: for example, 

running, started at system startup, network and etc. In the Category drop-down list select 

the necessary category 5 

. 

5. To show the processes launched by KSOS 2, check the Show Kaspersky Small Office 

Security processes box. 

6. To show system processes in the list, check the Show system processes box. 

Modifying a trust group for an application 

In the Application Control window the Group column shows the group to which an application 

belongs. 

If necessary, you can move the application to another group manually. 

Kaspersky Lab specialists recommend that you avoid moving applications from default groups. 

To do it, perform the following actions: 

1. In the Application activity window in the Category list select the required category of 

applications. 

2. Right-click the required application and in the context menu select Move to group and 

select the necessary group: Trusted, Low restricted, High restricted or Untrusted. 

3. In the right bottom corner of the window click the OK button. 

5 The Network category only displays applications with the opened connections and/or opened ports. 

8 | 28


To move the application to the default group, do the following: 

1. In the main application window click on the tab Security Zone. 

2. On the Security Zone tab in the right part of the window click the Applications Activity 

link. 


applications. 

4. Right-click the required application and in the context menu select Move to group -> 

Restore default group. 

5. In the Application activity window click the Close button. 

9 | 28


Application control rules 

Rules of Application Control is a set of rights of access to the computer resources and 

restrictions posed on various actions being performed by applications on the computer. 

By default, an application is controlled according to the rules of the trust group into which KSOS 2 

included the application when it was run for the first time. 

A rule is a set of Application Control reactions over application’s activity upon access to 

controlled resources. The following component reactions are possible: 

► Inherit. Application or group inherits the reaction from the parent group. This is a default 

reaction. 

► Allow. Application is allowed to perform an action with the resource. 

► Deny. Application is not allowed to perform an action with the resource. 

► Prompt for action. Application Control prompts the user for granting access to the 

resource for an application. 

► Log events. In addition to the specified reaction, Application Control records in the report 

information about the application's attempts to access the resource. 

Changing the group rule 

To change the preset group rule, do the following: 


2. Go to the Protection Center tab. 

3. In the top right corner of the main application window click the Settings link. 

10 | 2 8



5. In the right part of the window click the Configure rules button. 

6. In the Rules for a group of applications window select the required group and left-click it. 

11 | 2 8


7. In the Rules for a group of applications window on the Rules tab edit access rights for 

the required category of resources, by right-clicking the icon in the Permission column: 

Read, Write, Delete, Create. 

8. In the Rules for a group of applications window click the OK button. 

If necessary, you can configure these rules for one particular application. 

12 | 2 8


Editing application rules 

Application Control logs the actions performed by this application in the system, and manages 

its activity based on which group it belongs to. When an application accesses a resource, the 

component checks if the application has the required access rights, and performs the action 

determined by the rule. 

To edit application rules, perform the following actions: 

1. In the main application window go to the Security Zone tab. 

2. In the right part of the window in the Application Control section click the Application 


3. In the Application Activity window in the Category list select the required category of 

applications. 

4. In the Group column, left-click the link with the name of the group for the required 

application. 

5. In the context menu select Move to groupCustom settings. 

13 | 2 8


6. In the Rules for application window on the Rules tab edit the access rules for the required 

resource category. For this, right-click the icon in the Permission column: Read, Write, 

Delete, Create. 

7. In the Rules for application window click OK. 

Application rules have a higher priority than group rules. 

14 | 2 8


For example, if an application rule allows the Internet access, and in the rules of the group, into 

which the application is included, the Internet access is denied, in this case the application will get 

access to the system resources. 

Creating a network rule for an application (Firewall) 

If an application during its work accesses the network resources, in this case Firewall rules are 

applied to it. Access settings to network recourses can be configured in the Application activity 

window. For this perform the following actions: 


2. In the right part of the window in the Application Control section click the Applications 



applications. 

4. In the Group column, left-click the link with the name of the group for the required 

application. 

5. In the context menu select Move to groupCustom settings. 

6. In the Rules for application window on the Rules tab in the drop-down list select the 

Network rules category and click the Add link in the left bottom corner of the window. 

15 | 2 8


7. In the Network rule window specify the settings for a network rule. 

8. Assign a priority to the new rule and move it up or down the list by clicking the Move up or 

Move down buttons. 

16 | 2 8


Once you have created the rule, you can modify its settings or delete it using buttons in the bottom 

part of the tab. To disable the rule, uncheck the box next to the rule's name 

9. In the window Rules for application click OK. 

Editing storage time for rules 

By default, the rules for applications which have not been started for the 60 days are deleted 

automatically. 

You can modify the storage time for rules for unused applications, or disable rules' automatic 

removal. 

To set the storage time for application rules, perform the following actions: 


2. Go to the Protection Center tab. 



5. In the Additional section check the Delete rules for applications remaining inactive for 

more than box and specify the necessary number of days. 

17 | 2 8



To disable the automatic removal of the rules for unused applications, do the following: 

1. In the Additional section uncheck the Delete rules for applications remaining inactive 

for more than box. 


18 | 2 8


Setting of restrictions of parental process 

Application startup may be initiated either by the user or by another application running. If the 

startup is initiated by another application, it results in creating a startup procedure including parent 

and child programs. 

Parent program is the program which initiated another program. 

Child program is a program started by another program. 

When an application attempts to obtain access to a protected resource, Application Control 

analyzes the rights of all parent processes of this application, and compares them to the rights 

required to access this resource. 

Access right priority: 

• Allow. A program or a group obtains access to a resource. Access right data have the 

highest priority. 

• Prompt user. 

• Block. Access to a resource is denied for a program or a group. Access right data have the 

lowest priority. 

If the application's activities are blocked due to insufficient rights of a parent process, you can edit 

the rules or disable inheritance of restrictions from the parent process. 

The applications run sequence can be viewed in the Application activity window the following 

way: 



3. In the Application Control section, click the Applications Activity link. 

4. In the Application activity window in the Category list select the necessary category of 

applications. 

5. In the Run sequence column you can see what applications are parent for the launched 

application. 

You should modify the rights of a parent process only if you are absolutely certain that the process' 

activities do not threaten the system's security. 

19 | 2 8


To disable inheritance of restrictions from the parent process, perform the following steps: 

1. On the Security Zone tab in the Application Control section click the Applications 



applications. 

3. For the necessary application in the Group column left-click the application name. 

4. In the context menu select Custom settings. 

5. In the Rules of application window on the Rules tab uncheck the Inherit restrictions of 

the parent process (application) box. 

20 | 2 8


6. In the window Rules for application click the OK button. 

Configuring exclusions 

When you create a default application rule, KSOS 2 will monitor any of the user application's 

actions, including: access to files and folders, access to the execution environment, and network 

access. You can exclude certain actions of a user application from the scan the following way: 

1. On the Security Zone tab in the Application Control section click the Applications 



applications. 

21 | 2 8


3. For the necessary application in the Group column left-click the application name. 

4. In the context menu select Custom settings. 

5. In the Rules of application window on the Exclusions tab check the boxes that match the 

actions you wish to exclude. 

6. In the Rules for application window click OK. 

22 | 2 8


When excluding from scan network traffic of an application, you can configure additional exclusion 

settings, such as remote IP-addresses and network ports. 

Protecting personal data 

Application Control manages the applications' rights to take actions on various resource 

categories. Two categories of resources were distinguished in KSOS 2: the operating system and 

identity data. 

The Operating system category includes the following system resources: 

► registry keys with autorun parameters; 

► registry keys with parameters of work on the Internet; 

► registry keys which influence system security; 

► system files and folders; 

► autorun folders. 

Registry is a hierarchical settings database in most Microsoft Windows operating systems. 

The Identity data category includes the following resources: 

► user’s files (the folder My Documents, files cookies, data about user’s activity); 

► files, folders and registry keys which contain working parameters and important data of the 

most frequently used applications: Internet-browser, file managers, mail clients, Internetpagers 

and electronic purses. 

Cookies files are files saved on the user’s computer. These files store personal data of the user 

(for example, password and login) used during the visit of various sites or when returning to the 

site after some time. Each site has its own cookie file. 

You cannot delete this list. However, you can disable their protection by unchecking a box next to 

a category. 

You can also expand this list by adding user categories and / or individual resources. 

23 | 2 8


To expand the list of system resources for the Operating system category, perform the following 

actions: 


2. Go to Protection Center tab. 



5. In the right part of the window click the Settings button. 

6. In the Digital Identity Protection window on the Operating system tab in the drop-down 

menu in the Category section select a category: 

7. Click the Add link to add an additional resource to the selected category. 

24 | 2 8


8. In the User resource window, which opens after you have selected one of the items in the 

drop-down menu, click the Browse button. 

9. In the Select file or folder window select a resource, and then click the OK button. 

10. In the User resource window click the OK button. 

11. A newly added resource will be displayed in the Digital Identity Protection window. 

25 | 2 8


After you add a resource, you can edit or remove it using the respective buttons in the top 

part of the tab. To disable the control of a resource or category, uncheck the box next to it. 

12. In the Digital Identity Protection window click the OK button. 

To expand the list of system resources for the Identity Data category, perform the following 

actions: 

1. In the left part of the Settings window choose Security Zone. 

2. In the right part of the window click the Settings button. 

3. In the Digital Identity Protection window on the Identity Data tab in the drop-down menu 

in the Category section select a category: 

26 | 2 8


4. Click the Add category link to add a new category of resources. 

5. In the Identity data category window enter the name of a new group and click the OK 

button. 

6. Click the Add link to add an additional resource to the selected or added category. 

27 | 2 8


7. In the User resource window click the Browse button. 

8. In the Select file or folder window choose the path and click OK. 

9. In the User resource window click OK. 

10. A newly added resource will be displayed in the Digital Identity Protection window. After 

you add a resource, you can edit or remove it using the respective buttons in the top part of 

the tab. To disable the control of a resource or category, uncheck the box next to it. 

11. In the Digital Identity Protection window click the OK button. 

12. In the Settings window click the OK button. 

28 | 2 8

Application Control - Kaspersky Lab

Create successful ePaper yourself

Delete template?

Save as template?