Kaspersky Industrial CyberSecurity for Nodes

About Applications Launch Control rules

3 August 2023

ID 148394

How Applications Launch Control rules work

The operation of Applications Launch Control rules is based on the following components:

  • Type of rule.

    Applications Launch Control rules can allow or deny the start of an application. Accordingly, they are called allowing or denying rules. To create a list of allowing rules for Applications Launch Control, you can use the Rule Generator for generating allowing rules or use the Applications Launch Control task in Statistics only mode. You can also add allowing rules manually.

  • User or group of users.

    Applications Launch Control rules can control the start of specified applications by a user and / or user group.

  • Rule usage scope.

    Applications Launch Control rules can be applied to executable files, scripts, and MSI packages.

  • Rule triggering criterion.

    Applications Launch Control rules control the launch of files that satisfy one or several of the criteria specified in the rule settings: signed by the specified digital certificate, matching the specified SHA256 hash, located at the specified path, and matching the specified command line arguments. You must select at least one option. Otherwise, the Applications Launch Control rule is not added.

    If Digital certificate is set as the rule triggering criterion, the created rule controls the start of all trusted applications in the operating system. You can set stricter conditions for this criterion by selecting the following check boxes:

    • Use subject
    • Use thumb

    Thumbprints allow for the most restrictive triggering of application start rules based on a digital certificate, because a thumbprint uniquely identifies a digital certificate and cannot be forged, unlike the subject of a digital certificate.
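
As an added example (not part of the Kaspersky documentation or product), the PowerShell below collects the SHA256 hash, certificate subject, and certificate thumbprint for a set of files, so the values can be compared before they are entered as rule triggering criteria. `Get-LaunchRuleCriteria` is a hypothetical helper name, and the `$PSHOME` folder is used only as sample input.

```powershell
# Added example: gather the values used by hash-based and certificate-based
# rule criteria. Get-LaunchRuleCriteria is a hypothetical helper, not a product cmdlet.
function Get-LaunchRuleCriteria {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )
    foreach ($p in $Path) {
        $file = Get-Item -LiteralPath $p -ErrorAction Stop
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $cert = $sig.SignerCertificate          # $null when the file is unsigned
        [pscustomobject]@{
            Path            = $file.FullName
            SHA256          = $hash
            SignatureStatus = $sig.Status       # e.g. Valid, NotSigned, HashMismatch
            Subject         = if ($cert) { $cert.Subject } else { $null }
            Thumbprint      = if ($cert) { $cert.Thumbprint } else { $null }
        }
    }
}

# Sample input (constructed for this example): executables in the PowerShell home folder.
$files    = (Get-ChildItem -Path "$PSHOME\*.exe" -File).FullName
$criteria = Get-LaunchRuleCriteria -Path $files

# Per-file values: SHA256 for a hash criterion, Thumbprint for a certificate criterion.
$criteria | Format-Table Path, SignatureStatus, Thumbprint, SHA256 -AutoSize

# Group signed files by subject. A subject that lists more than one thumbprint
# is shared by several distinct certificates, so a subject-only criterion
# matches all of them, while a thumbprint criterion matches exactly one.
$criteria | Where-Object Subject | Group-Object Subject | ForEach-Object {
    [pscustomobject]@{
        Subject     = $_.Name
        Thumbprints = @($_.Group.Thumbprint | Sort-Object -Unique)
        Files       = $_.Count
    }
} | Format-List
```

Files reported with a `SignatureStatus` other than `Valid` have no usable certificate values and are candidates for a SHA256 or path criterion instead.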

You can specify exclusions for Applications Launch Control rules. Exclusions to Applications Launch Control rules are based on the same criteria used to trigger rules: digital certificate, SHA256 hash, and file path. Exclusions to Applications Launch Control rules may be required for certain allowing rules: for example, if you want to allow users to start applications from the C:\Windows path, while blocking launch of the Regedit.exe file.

If operating system files fall within the scope of the Applications Launch Control task, we recommend that when creating Applications Launch Control rules you make sure that such applications are allowed by the newly created rules. Otherwise, the operating system may fail to start.

Managing Applications Launch Control rules

You can perform the following actions with Applications Launch Control rules:

  • Add rules manually.
  • Generate and add rules automatically.
  • Remove rules.
  • Export rules to file.
  • Check selected files for rules that allow execution of these files.
  • Filter the rules in the list according to a specified criterion.
