Manualshelf

User guide

ManualsBrandsKaspersky Lab ManualsSoftwareSmall Office Security 2.0, 1s, 5u, 1y, Base
121122123124125126127128129130
U S E R G U I D E
122
INHERITANCE OF RESTRICTIONS OF THE PARENT PROCESS
Application startup may be initiated either by the user or by another application running. If the startup is initiated by
another application, it creates a startup procedure including parent and child applications.
When an application attempts to obtain access to a protected resource, Security Zone analyzes the rights of all parent
processes of this application, and compares them to the rights required to access this resource. The minimum priority
rule is then observed: when comparing the access rights of the application to those of the parent process, the access
rights with a minimum priority will be applied to the application's activity.
Access right priority:
1. Allow. Access right data has the highest priority.
2. Prompt user.
3. Block. Access right data has the lowest priority.
This mechanism prevents a non-trusted application or an application with restricted rights from using a trusted
application to perform actions requiring certain privileges.
If an application's activity is blocked because a parent process has insufficient rights, you can edit these rules (see
section "Editing application rules" on page 120) or disable inheritance of restrictions from the parent process.
You should modify the rights of a parent process only if you are absolutely certain that the process' activities do not
threaten the security of the system.
To disable inheritance of restrictions from the parent process, perform the following steps:
1. Open the main application window.
2. In the left part of the window, select the Security Zone section.
3. Follow the Applications Activity link in the right part of the window.
4. In the Application activity window that opens, in the Category list, select the required application category.
5. In the Group column, left-click the link with the name of the group for the required application.
6. In the menu that opens, select Move to group Custom settings.
7. On the Rules tab of the displayed window, uncheck the Inherit restrictions of the parent process
(application) box.
DELETING RULES FOR APPLICATIONS
By default, the rules for applications which have not been started for the 60 days are deleted automatically. You can
modify the storage time for rules for unused applications, or disable rules' automatic removal.
To set the storage time for application rules:
1. Open the main application window and click the Settings link in the top part.
2. In the window that opens, in the Protection Center section, select the Security Zone component.
3. For the selected component, check the Delete rules for applications remaining inactive for more than box
in the Additional section and specify the necessary number of days.