Jump to content
Michel-B

Application Control - Folder path variable

Recommended Posts

Since upgrading to KES 11.0.0.6499 and KSC 10.5.1781, some Application Folder's with variables in them are no longer working, it used to work before upgrading. Can you confirm if anything has changed?

We're using Application Startup Control in whitelist mode and have added a category to whitelist certain folders.

This works when I use the example path: C:\Users\user01\AppData\Local\*

However, when I use the following, it no longer works: %userprofile%\AppData\Local\* 

Has anything been changed related to using variables in folder paths?

 

Share this post


Link to post

I've sent the policy and category export through a PM.

Originally, this was a converted policy, but for this case I've created a brand new policy and category that I've used to testing. Those are the ones I've just sent you.

Share this post


Link to post

Hello. 

Historically %userprofile% was not supported as it is a user space variable and could not be correctly resolved by KES. 

Path to folder could not be dynamic in Application categories, because data is collected during category creation. 

If you need application category to be filled automatically you can use category type "Category with content added automatically" 
You may read about application categories types in the following article https://help.kaspersky.com/KSC/SP3/en-US/52459.htm

Share this post


Link to post

That's annoying, because it did in fact always work like I intended it. Until the update.

Now I've tried using the "Category with content added automatically"  but that fails for my.

  1. Create a new category with content automatically added
  2. Set the path to the folder and scan the folder
  3. I can see all executables added with their SHA256 hash in the conditions
  4. I add the category to the folder
  5. Executables are still not whitelisted and KES is showing the category as 'Category is not defined'.

I've added the category, policy and a screenshot

kes_vs_policy.png

Test Policy.klp

Auto_add_category.klc

Share this post


Link to post

Please perform forced synchronization with a workstation in KSC console, so we could be sure information was sent, restart KES on a workstation and shend us GSI report collected there afterwards. 

 

Share this post


Link to post

I've sent a PM with the download link to the GSI report. Please note that I had to disable protection in order to be able to run the GSI tool. I have the golden image added, but it is ignored because of that one faulty category.

Share this post


Link to post

Have you tried to start applications you have set as trusted ? 

 

Please enable traces for KES as described in the following article - https://help.kaspersky.com/KESWin/11/en-US/128166.htm. Remember to restart KES 11 after you enable tracing, try to start  application that should be trusted tell us executable name.  It would be great if you have tried to start applications for which you supplied checksums in previous post.

Category names does not cause other categories to fail. 

Submit traces and new GSI to @KLCentralSupport , we will ask developers to look into your issue. 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.