Managing application network rules

By default, Kaspersky Endpoint Security groups all applications that are installed on the computer by the name of the vendor of the software whose file or network activity it monitors. Application groups are in turn categorized into trust groups. All applications and application groups inherit properties from their parent group: application control rules, application network rules, and their execution priority.

You can select a trust group to which Kaspersky Endpoint Security automatically assigns all unknown applications. Applications that were started before Kaspersky Endpoint Security are automatically moved to the trust group specified in the Select trust group window.

The trust groups are as follows:

• Trusted. This group includes applications for which one or more of the following conditions are met:
  • applications are digitally signed by trusted vendors;
  • applications are recorded in the trusted applications database of Kaspersky Security Network;
  • the user has placed applications in the Trusted group.

  No operations are prohibited for these applications.

• Low Restricted. This group includes applications for which the following conditions are met:
  • applications are not digitally signed by trusted vendors;
  • applications are not recorded in the trusted applications database of Kaspersky Security Network;
  • the user has placed applications in the "Low Restricted" group.

  Such applications are subject to minimal restrictions on access to operating system resources.

• High Restricted. This group includes applications for which the following conditions are met:
  • applications are not digitally signed by trusted vendors;
  • applications are not recorded in the trusted applications database of Kaspersky Security Network;
  • the user has placed applications in the High Restricted group.

  Such applications are subject to high restrictions on access to operating system resources.

• Untrusted. This group includes applications for which the following conditions are met:
  • applications are not digitally signed by trusted vendors;
  • applications are not recorded in the trusted applications database of Kaspersky Security Network;
  • the user has placed applications in the Untrusted group.

  Such applications are subject to high restrictions on access to operating system resources.

   

By default, the Firewall component applies the network rules for an application group when filtering the network activity of all applications within the group, similarly to the Application Privilege Control component. The application group network rules define the rights of applications within the group to access different network connections.

By default, Firewall creates a set of network rules for each application group that is detected by Kaspersky Endpoint Security on the computer. You can change the Firewall action that is applied to the application group network rules that are created by default. You cannot edit, remove, disable, or change the priority of application group network rules that are created by default.

You can also create a network rule for an individual application. Such a rule will have a higher priority than the network rule of the group to which the application belongs.

You can perform the following actions while managing network rules of applications:

• Create a new network rule.

  You can create a new network rule by which the Firewall must regulate the network activity of the application or applications that belong to the selected group of applications.

• Enable or disable a network rule.

  All network rules are added to the list of network rules of applications with Enabled status. If a network rule is enabled, Firewall applies this rule.

  You can disable a network rule that was manually created. If a network rule is disabled, Firewall temporarily does not apply this rule.

• Change the settings of a network rule.

  After you create a new network rule, you can always return to its settings and modify them as needed.

• Change the Firewall action for a network rule.

  In the list of network rules, you can edit the action that the Firewall applies for the network rule upon detecting network activity in this application or application group.

• Change the priority of a network rule.

  You can raise or lower the priority of a custom network rule.

• Delete a network rule.

  You can delete a custom network rule to stop the Firewall from applying this network rule to the selected application or application group upon detecting network activity, and to stop this rule from being displayed in the list of application network rules.