Deleting rules for unused applications

By default, the rules for applications which have not been started for the 60 days are deleted automatically. You can modify the storage time for rules for unused applications, as well as disable rules’ automatic removal.

To configure the automatic removal of the rules for unused applications:

  1. Open the application settings window.
  2. In the left part of the window, in the Protection Center section, select the Application Control component.

    Enable Application Control

    This box enables / disables Application Control.

    Application Control prevents applications from performing actions that may be dangerous for the system, and ensures control of access to your identity data.

    The component logs actions performed by applications in the system and regulates the applications’ activities depending on the trusted/untrusted status of the group to which they belong.

    Each application that is started is assigned a status that defines to which group it belongs. Each status is assigned a set of rules. Rules of Application Control regulate potentially dangerous activity, such as applications’ access to protected resources (files and folders, registry keys, network addresses, etc.) depending on the threat rating of the applications.

    If an action with imposed restriction is attempted, Application Control checks if the application has the required access rights and performs the action defined by the application’s status rule.

    This box is checked by default.

    Icon Internet Security extension Deleting rules for unused applications

    Opens the Technical Support website for Kaspersky Internet Security.

    Applications

    Clicking the button opens the Applications window. In this window, you can edit the list of rules for applications.

    Resources

    Button which opens the Digital Identity Protection window. In this window, you can create a list of identity data and a list of settings and resources of the operating system that should be scanned by Application Control.

    The Applications processing rules section allows you to adjust the settings which will be used by Application Control to define the application status.

    Kaspersky Internet Security assigns statuses to all applications running on your computer depending on their hazard level and rights of access to system resources.

    The following statuses can be assigned to applications:

    • Trusted. Applications, digitally signed by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. The activity of these application is monitored by Proactive Defense and File Anti-Virus.
    • Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received a low threat rating (based on the data received from the Kaspersky Security Network service). They are allowed to perform some operations, such as access other processes, system control, hidden network access. The user’s permission is required for most operations.
    • High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high threat rating. The applications in this group require the user’s permission for most actions which affect the system: some actions are not allowed for such applications.
    • Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high threat rating. Kaspersky Internet Security blocks any actions performed by such applications.
    • Custom settings. Applications with your personal user-defined rules which regulate control of their activity by Kaspersky Internet Security.

    Load rules for applications from Kaspersky Security Network

    If this box is checked, Application Control sends a request to the Kaspersky Security Network database in order to define the status of an application.

    If this box is unchecked, Application Control does not search for information in the Kaspersky Security Network database in order to define the status of an application.

    This box is checked by default.

    Update rules for previously unknown applications from KSN

    If this box is checked, the control rules for previously unknown applications from KSN are updated automatically.

    If this box is unchecked, automatic update of rules for previously unknown applications is disabled.

    This box is checked by default.

    Trust applications with digital signature

    If this box is checked, Application Control considers applications with digital signatures as trusted. Application Control assigns the status of Trusted to the applications and does not scan their activities.

    Kaspersky Internet Security assigns statuses to all applications running on your computer depending on their hazard level and rights of access to system resources.

    The following statuses can be assigned to applications:

    • Trusted. Applications, digitally signed by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. The activity of these application is monitored by Proactive Defense and File Anti-Virus.
    • Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received a low threat rating (based on the data received from the Kaspersky Security Network service). They are allowed to perform some operations, such as access other processes, system control, hidden network access. The user’s permission is required for most operations.
    • High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high threat rating. The applications in this group require the user’s permission for most actions which affect the system: some actions are not allowed for such applications.
    • Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high threat rating. Kaspersky Internet Security blocks any actions performed by such applications.
    • Custom settings. Applications with your personal user-defined rules which regulate control of their activity by Kaspersky Internet Security.

    If the box is unchecked, Application Control does not consider applications with digital signatures as trusted, scanning
    their activities.

    This box is checked by default.

    Use the heuristic analysis to define status

    Application Control uses heuristic analysis to define the status of an unknown application. When the scan is complete, Application Control automatically assigns the application one of the three statuses.

    Kaspersky Internet Security assigns statuses to all applications running on your computer depending on their hazard level and rights of access to system resources.

    The following statuses can be assigned to applications:

    • Trusted. Applications, digitally signed by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. The activity of these application is monitored by Proactive Defense and File Anti-Virus.
    • Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received a low threat rating (based on the data received from the Kaspersky Security Network service). They are allowed to perform some operations, such as access other processes, system control, hidden network access. The user’s permission is required for most operations.
    • High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high threat rating. The applications in this group require the user’s permission for most actions which affect the system: some actions are not allowed for such applications.
    • Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high threat rating. Kaspersky Internet Security blocks any actions performed by such applications.
    • Custom settings. Applications with your personal user-defined rules which regulate control of their activity by Kaspersky Internet Security.

    Threat detection technology for threats that cannot be detected using Anti-Virus databases. It allows detecting objects suspected of being infected with an unknown virus or a new modification of known viruses.

    The use of a heuristic analyzer detects up to 92% of threats. This mechanism is fairly effective and very rarely leads to false positives.

    Files detected by the heuristic analyzer are considered suspicious.

    Assign the following status automatically

    Application Control automatically assigns any unknown application one of the three statuses selected from the dropdown list. This list is available if the Assign the following status automatically setting is selected.

    Kaspersky Internet Security assigns statuses to all applications running on your computer depending on their hazard level and rights of access to system resources.

    The following statuses can be assigned to applications:

    • Trusted. Applications, digitally signed by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. The activity of these application is monitored by Proactive Defense and File Anti-Virus.
    • Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received a low threat rating (based on the data received from the Kaspersky Security Network service). They are allowed to perform some operations, such as access other processes, system control, hidden network access. The user’s permission is required for most operations.
    • High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high threat rating. The applications in this group require the user’s permission for most actions which affect the system: some actions are not allowed for such applications.
    • Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high threat rating. Kaspersky Internet Security blocks any actions performed by such applications.
    • Custom settings. Applications with your personal user-defined rules which regulate control of their activity by Kaspersky Internet Security.

    Maximum time for determining the application status

    Time period required for Application Control to scan applications being run, using heuristic analysis. Time period is set in seconds.

    By default, Application Control analyzes an application for 30 seconds. If, when this time period expires, Application Control cannot clearly define threat rating of the application, the component assigns it the status of Low Restricted. Application Control goes on analyzing the application in the background and then the final status will be assigned to the application.

    Kaspersky Internet Security assigns statuses to all applications running on your computer depending on their hazard level and rights of access to system resources.

    The following statuses can be assigned to applications:

    • Trusted. Applications, digitally signed by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. The activity of these application is monitored by Proactive Defense and File Anti-Virus.
    • Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received a low threat rating (based on the data received from the Kaspersky Security Network service). They are allowed to perform some operations, such as access other processes, system control, hidden network access. The user’s permission is required for most operations.
    • High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high threat rating. The applications in this group require the user’s permission for most actions which affect the system: some actions are not allowed for such applications.
    • Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high threat rating. Kaspersky Internet Security blocks any actions performed by such applications.
    • Custom settings. Applications with your personal user-defined rules which regulate control of their activity by Kaspersky Internet Security.

    The Additional section allows you to set time for scan of the application and manage deletion of application rules.

    Rule is a set of reactions which Application Control will use in response to application operations with various
    categories of operating system resources and personal data.

    Possible component reactions include the following:

    • Inherit. Application Control monitors application activity using the rule specified for the status, which it has assigned to that application.

      This is the default reaction. By default, Application Control inherits access rights from the status assigned to an application.

      If you have modified a rule for a certain application, the rule settings will have higher priority than the settings defined for its corresponding status.

    • Allow. Application Control allows an application to perform an action.
    • Block. Application Control does not allow an application to perform an action.
    • Prompt for action. Application Control informs the user that an application is attempting to perform an action, and prompts the user for further actions.
    • Log events. Application Control logs application activity and its responses to it. Adding the information to a report can be used together with any other Application Control action.

    Delete rules for applications remaining inactive for more than

    This box enables / disables the option to automatically delete rules for the applications that have not been run for the specified time period. Time period is specified in days.

    Rule is a set of reactions which Application Control will use in response to application operations with various categories of operating system resources and personal data.

    Possible component reactions include the following:

    • Inherit. Application Control monitors application activity using the rule specified for the status, which it has assigned to that application.

      This is the default reaction. By default, Application Control inherits access rights from the status assigned to an application.

      If you have modified a rule for a certain application, the rule settings will have higher priority than the settings defined for its corresponding status.

    • Allow. Application Control allows an application to perform an action.
    • Block. Application Control does not allow an application to perform an action.
    • Prompt for action. Application Control informs the user that an application is attempting to perform an action, and prompts the user for further actions.
    • Log events. Application Control logs application activity and its responses to it. Adding the information to a report can be used together with any other Application Control action.

    By default, Application Control deletes rules for applications that have not been run for more than 60 days.

    This box is checked by default.

  3. In the right part of the window, check the Internet Security mark fs Deleting rules for unused applications Delete rules for applications remaining inactive for more than box in the Additional section and specify the necessary number of days.

Internet Security arr Deleting rules for unused applicationsPage top

Deleting rules for unused applications