Default Deny mode
Traditional 'Default Allow' policy Allows All applications running on a user's workstation Except those defined as Restricted or Blocked. In opposite 'Default Deny' policy allows the Blockung Of All applications running on a user's workstation Except those defined as Allowed.
A Golden image is a template of the ideal installation, done according to best practices and tuned for the best possible performance. 'Golden Image' category include the list of most important software which is necessary to start operating systems.
Before implementation of any security policies, the software inventory can be used to automatically collect comprehensive information about the applications used across the corporate network
Trusted updater category allows known applications to be updated by trusted vendors. Thus approved update system (such as a management application or patch management utility) can commit changes to the system.
Flexible software categorization allows administrators to use a predefined list of categories from Kaspersky Lab, take them from the endpoint or create their own list. Own categorization rules work according to the parameters created by the administrator, e.g.: file name and version; application name and version; vendor (publisher) MD5 hash; defined folders.
Implementation of Flexible rules allows administrator to use dozens of Kaspersky Lab rules or create his own depending on multiple available options such as file name, MD5, vendor, source folder, etc.
Local and Global Whitelisting database
Kaspersky Lab Global Whitelist database is always available in the cloud. Also administrator can create local Whitelist database which will be valid for his corporate network only.