Robbie

Level 28
Verified
Content Creator
I'm pretty sure you have heard about Kaspersky being recommended. Here, by friends, on the internet. But... why?

To start with, Kaspersky is a very complete and powerful suite that includes several modules which together can outsmart pretty much most malware if correctly configured. This thread is about a specific module: Application Control. What is it? How does it work? How to set it up?

1. Why Kaspersky?
Kaspersky is definitely a market leader, with huge experience in the cybersecurity area and innovation, winning multiple awards and prizes for the great protection it can offer.

2. Why should I need to set it up?
Many people often moan about how weak antivirus is on default settings. And as a matter of fact this may be true with Kaspersky too. Many HUB testers have proved that on default Kaspersky can fail. But it would be a pity to leave such a monster the way it came.

3. What's the objective of this thread?
Learn what Application Control (AC) is, how it works, the engineering that designed it and how to use it.

4. Wow you're such a great person, why aren't you super admin co-owner godlike in this forum?
I once stole Jack's kitty and he never forgave me.

EXPLAINING APPLICATION CONTROL

Applications installed on the computer can use the operating system resources as well as your personal data. Kaspersky features the Application Control component, which controls access of applications to the operating system files and your personal data.
When an application tries to access the operating system or personal data, Application Control allows or blocks access to the resource according to the rules or prompts to select an action.
If Application Control blocks the work of an important application, you can adjust the rights for it.

I CAN'T FIND THIS MODULE ON KASPERSKY

Application Control is only available in the Internet Security version and beyond. It is not present in the Antivirus version.

HOW DOES IT DECIDE ABOUT FILES

Kaspersky divides all the applications installed on the computer into the following groups:
  • Trusted. Applications that meet at least one of these criteria:
    • This application has a trusted vendor's signature.
    • This application is listed in the Kaspersky Lab trusted applications database.
    These applications have no restrictions on their activity in the system.
  • Low Restricted. Applications that do not have a digital signature from a trusted vendor and are not listed in the Kaspersky Lab database of trusted applications.
    These applications have certain restrictions on accessing other processes, controlling the system, and accessing the network without the user's consent. These applications will request permission for most actions from the user.
  • High Restricted. Applications that may pose a moderate threat: tools, adware, or auto-dialers.
    For most actions, these applications will require the user's permission. Some actions are not allowed.
  • Untrusted. Malicious applications that pose a severe threat. This category includes applications that are blocked with File Anti-Virus.
    Application Control blocks all actions of these applications.

PROTECTED RESOURCES

Within this module, Kaspersky also protects:
  • System files and folders
  • Startup objects
  • User files and folders, including the My Documents folder
  • Cookie files
  • Data on your activity on the computer and the web
  • Registry files that contain settings and data from web browsers, file managers, mail clients, instant messengers, and payment system apps.

HOW TO CHANGE RESTRICTIONS FOR FILES

  1. In the main window of Kaspersky, click the gear button (the Settings button).
     Image: the main window of Kaspersky
     If you have problems opening the application window, see this guide.
  2. Go to the Protection section in the Settings window and select Application Control.
     Image: the Settings window of Kaspersky
  3. In the Application Control settings view, click the Manage applications link.
     Image: the Application Control window in Kaspersky
  4. In the Manage applications window, move the application to a different group: right-click the application, in the menu click Restrictions and select the category.
     Image: selecting a group for an application in Kaspersky
  5. Configure custom restrictions: select the application, right-click it and select Details and rules from the menu.
     Image: setting up restrictions for an application in Kaspersky
  6. Go to Application rules → Rights, select a category and set an action for it by clicking the icon on the right: Inherit, Allow, Deny, or Prompt for action.
  7. Click Save.
     Image: the Application rules window of Kaspersky

HOW TO SET IT UP SAFELY

1. Open the Application Control module
1570106487478.png

2. Untick "trust digitally signed applications" and make sure it stays like the picture below.
1570106697180.png

3. Visualize our two main options: "Change trust group for unknown applications" and "change trust group for applications started before Kaspersky".
Select UNTRUSTED for unknown applications, so all strange applications/not signed are not able to be executed at all.
1570106583247.png

Select LOW RESTRICTED for all applications launched before Kaspersky
1570106803939.png

I EXECUTED A FILE AND I GOT ERRORS/DOESN'T LAUNCH

Whenever Application Control blocks an application, or moves it to the Untrusted group or a restriction group, this means that most probably it will have no permissions to execute or elevate, which is why it gives random errors at launch. In order to execute it, you will need to head to the Kaspersky Application Control module and manually move it to the Trusted group.
 
Last edited by a moderator:
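
A simplified model of the trust-group logic described in the post above, added here as an illustration and not Kaspersky's own code. The field names, the order of the checks, the BASELINE settings and the sample applications are assumptions; it shows which applications change group once the two settings from "HOW TO SET IT UP SAFELY" are applied, and how a manual move to Trusted changes the outcome.

```python
# Simplified model of the trust groups and settings described in this thread.
# Not Kaspersky code: field names, check order and sample apps are assumptions.
from dataclasses import dataclass

TRUSTED, LOW, HIGH, UNTRUSTED = "Trusted", "Low Restricted", "High Restricted", "Untrusted"
# Group-level action; High Restricted also denies some actions outright (not modelled).
GROUP_ACTION = {TRUSTED: "allow", LOW: "prompt", HIGH: "prompt", UNTRUSTED: "deny"}

@dataclass
class App:
    name: str
    signed_by_trusted_vendor: bool = False
    in_trusted_database: bool = False
    moderate_threat: bool = False      # tools, adware, auto-dialers
    detected_malicious: bool = False   # blocked by File Anti-Virus
    manual_group: str = ""             # set when the user moves the app by hand

@dataclass
class Settings:
    trust_signed: bool   # "trust digitally signed applications"
    unknown_group: str   # "Change trust group for unknown applications"

def assign_group(app, s):
    if app.manual_group:
        return app.manual_group
    if app.detected_malicious:
        return UNTRUSTED
    if app.moderate_threat:
        return HIGH
    if app.in_trusted_database or (s.trust_signed and app.signed_by_trusted_vendor):
        return TRUSTED
    return s.unknown_group

def decide(app, s, right="inherit"):
    """right is the per-application rule: inherit, allow, deny or prompt."""
    group = assign_group(app, s)
    return group, (GROUP_ACTION[group] if right == "inherit" else right)

def changed_groups(apps, before, after):
    """(name, group before, group after) for every app whose group changes."""
    rows = [(a.name, assign_group(a, before), assign_group(a, after)) for a in apps]
    return [r for r in rows if r[1] != r[2]]

# Constructed sample data.
SAMPLE_APPS = [App("signed-unlisted.exe", signed_by_trusted_vendor=True),
               App("listed.exe", in_trusted_database=True), App("unsigned.exe")]
BASELINE = Settings(trust_signed=True, unknown_group=LOW)
HARDENED = Settings(trust_signed=False, unknown_group=UNTRUSTED)
```
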

crezz

Level 5
Verified
Application Control is one of the main reasons why I have stuck with Kaspersky. Norton is the only other product I would consider, but that doesn't have an equivalent feature.

Good original post and I look forward to the one from Harlan.
 
9

93803123

Application Control is a reputation-based software restriction policy.

To fully protect a system, Application Control must be customized.