Application Control

Application Control prevents applications from performing actions that may be dangerous for the system, and ensures control of access to your identity data.

The component logs actions performed by applications in the system and regulates the applications’ activities depending on the trusted/untrusted status of the group to which they belong.

Each application that is started is assigned a status that defines to which group it belongs. Each status is assigned a set of rules. Rules of Application Control regulate potentially dangerous activity, such as applications’ access to protected resources (files and folders, registry keys, network addresses, etc.) depending on the threat rating of the applications.

If an application attempts an action that is subject to a restriction, Application Control checks whether the application has the required access rights and performs the action defined by the rule for the application’s status.

To control applications’ access to various resources of your computer, you can use the preset list of protected resources or create a protection scope on your own.

At the first startup of an application, Application Control scans it for viruses and assigns it a status.

The component first searches for a corresponding entry in the internal database of known applications in Kaspersky Internet Security and then sends a request to the Kaspersky Security Network database (if an Internet connection is available and if download of rules from Kaspersky Security Network is enabled). If the entry is found in the database, the application is assigned the status registered in the database, and the rules downloaded from Kaspersky Security Network are used for this application.

By default, if an application or its parent object has a trusted digital signature, this application is automatically assigned the “trusted” status. You can edit the condition that governs which applications are placed in the group of trusted applications.

However, the Proactive Defense component monitors the behavior of applications that have been assigned the “trusted” status by Application Control.

By default, unknown applications (those not found in the database of Kaspersky Security Network and those without digital signatures) are scanned using heuristic analysis, which helps determine the threat rating of applications. Applications with a low threat rating are assigned the Low Restricted status.

If the application’s threat rating is high, Kaspersky Internet Security notifies you of this and prompts you to select the status that should be assigned to the potentially dangerous application. The notification contains statistics describing usage of this application by the participants of Kaspersky Security Network. Based on this information, and knowing how the application appeared on your computer, you can make a well-considered decision on which status should be assigned to the application.

We recommend that you participate in Kaspersky Security Network in order to improve performance of Application Control.

When the application is restarted, Application Control checks its integrity. If the application has not been changed, the component applies the existing rule to it. If the application has been modified, Application Control re-scans it as it does at the first startup.
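
The status lifecycle described above (database lookup, trusted signature, heuristic rating, integrity check on restart), as a small Python model added here for illustration; it is not Kaspersky code. The SHA-256 integrity check, the numeric threshold, the toy heuristic, the order of the signature check and all names are assumptions.

```python
import hashlib, os, tempfile
from dataclasses import dataclass, field

LOW_RATING_MAX = 50  # assumed cut-off; the page gives no numeric scale

def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def toy_rating(path):
    # Constructed stand-in for heuristic analysis: flags a marker string.
    with open(path, "rb") as f:
        return 90 if b"SUSPICIOUS" in f.read() else 10

@dataclass
class StatusCache:
    known: dict          # digest -> status; stands in for the known-application databases
    signed: callable     # path -> bool; stands in for the signature check
    rate: callable       # path -> threat rating
    ask_user: callable   # (path, rating) -> status picked by the user
    seen: dict = field(default_factory=dict)  # path -> (digest, status)

    def classify(self, path, d):
        if d in self.known:                  # database entry wins
            return self.known[d]
        if self.signed(path):                # trusted signature
            return "Trusted"
        rating = self.rate(path)             # unknown: heuristic rating
        if rating <= LOW_RATING_MAX:
            return "Low Restricted"
        return self.ask_user(path, rating)   # high rating: user decides

    def on_start(self, path):
        """Return (status, rescanned) for one application start."""
        d = digest(path)
        cached = self.seen.get(path)
        if cached and cached[0] == d:        # unchanged: keep existing status
            return cached[1], False
        status = self.classify(path, d)      # first start or modified file
        self.seen[path] = (d, status)
        return status, True

def demo():
    cache = StatusCache({}, lambda p: False, toy_rating, lambda p, r: "Untrusted")
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "tool.exe")  # constructed sample file
        with open(exe, "wb") as f:
            f.write(b"benign build")
        first, second = cache.on_start(exe), cache.on_start(exe)
        with open(exe, "ab") as f:
            f.write(b" SUSPICIOUS patch")
        third = cache.on_start(exe)
    return first, second, third
```

In this model the status is bound to the file's contents rather than its path, so a modified executable does not inherit the status of the version that was evaluated earlier.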

You can edit the conditions applied to detection of application statuses, change the status of an individual application, and edit the rules for statuses or for individual applications.

In this section:

Enabling and disabling Application Control

Creating a protection scope

Configuring automatic detection of application statuses

Changing and restoring the status for the selected application

Editing a rule for application status

Editing a rule for the application selected

Creating a network rule for application

Excluding actions from an application rule

Inheritance of restrictions of the parent process

Deleting rules for unused applications

Interpreting the data of application usage by the participants of Kaspersky Security Network

