Trusted Applications [KES for Mac]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.

The both filesystem and network activity of which can be ignored by the product increasing performance.

Please, however, note that this could be potentially risky. 

https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm

Problem

This article will describe a few ways to configure KES for Mac to exclude some of the software from the scope of the product.

Solution

Trusted applications

In order to have an ability to exсlude an application from scanning with KES, a function of Trusted Applications available in Kaspersky Endpoint Security for Mac can be used:

The Trusted applications section as seen in the policy creation wizard. Naturally, it can be configured later by modifying the policy.

Update the plugin to at least version 11.3.0.33 to get the new functionality.

In some specific cases it might be required to put several binaries to Trusted Applications simultaneously in order to take effect. So, a final solution might include several path-based exclusions accompanied by a few BundleID-based ones.

Trusted Applications are only available for configuration via KSC policy; i.e. it is currently impossible to add application to exclusions having no KSC installed.

Additionally, an appropriate application control plug-in for KESMac must be downloaded and installed on the KSC prior to using Trusted Application functionality. It can be found on the corresponding download page.

Common exclusions for developers

It's suggested excluding the following paths: "/Library/Developer/CommandLineTools" and "/Library/Toolchains" for the standard developers' utilities, as well as the "/Applications/Xcode.app/*" for the XCode.

At the same time, in case you use alternative tools, contact Kaspersky Support to get the exact paths for further exclusions.

Excluding TCP 443 from port monitoring

Additionally, in case of HTTPS-connectivity issues, unchecking port 443 in Monitored ports may also help: