KSWS Application Control rules with Digital Certificate FAQ [Kaspersky Security for Windows Server]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Security administrator can create KSWS Application Control rules based on Digital Certificate.

What does product actually checks and how it is related to the file itself?

First of all, product checks whether the file matches certificate. Secondly, whether certificate is valid. If any of verifications fail - launch of the file will be denied. And vice versa.

If signed file which execution was allowed by certificate has been modified, will execution of the file be allowed?

Altering the file signed by the certificate will cause its certificate to no longer confirm the integrity of this file. As a result "Allowing" rule will no longer be applied to the file.

How the control of the revoked certificates operates, if such a control exist?

Certificates revocation in the operation system is implemented through OS updates. When a certificate becomes revoked, it can no longer pass validation checks. Thus file execution will be blocked.

When both the subject of the certificate and its thumbprint verifications are selected, then product checks that the file is signed by an exact "version" of certificate. In other words, it will not be enough to make a self-signed certificate with the Subject field equal to "Redmont, Microsoft" - such a certificate does not coincide with the real thumbprint of Microsoft.