I followed the steps you outlined previously (Kaspersky's Application Control: what is it, how it works)
I unticked the 'trust digitally signed applications' box but left 'load rules for applications from KSN' as ticked. I then started up the main applications that I use. In my case they all started up without issue and connected to the internet. When I click Manage Applications I see that they have been added as Trusted applications.
My understanding is that applications get added as Trusted if they match a KSN rule and if they don't match a KSN rule they won't run (as I set unknown apps to untrusted). Is it correct to say that this App Control wouldn't stop the app from running if it was modified? if an undetected piece of malware changed the contents of abc.exe because abc.exe as an application is trusted it would still launch? i.e. it's not matching against 'known good' copies of the files?
