The number of applications (software) that can be used on computing devices, including personal computers, is growing rapidly. Among these applications are many malicious programs that can inflict harm on a computer or a computer user, such as Internet worms, keyloggers, and computer viruses.
The problem of protecting a group of computing devices is especially urgent for administrators of computer networks, where a large number of applications can be installed on each computer in the network, some of which may be harmful. One common approach to this problem is to use an application control system, in which the network administrator has access to the applications being executed on the computers in the network through a combination of a centralized control module and a group of clients on the computers of the corporate network that can execute commands received from the centralized control module. By using such a system, the network administrator can create rules that allow or prohibit applications from being executed on the computers in the network, and can also control the access of those applications to the resources of the computers in the network.
One common way of using application control systems is default denial, which allows only a specific group of software to be used on a computer. Such a group may consist, for example, of software that is present on a list of trusted applications (i.e., a whitelist). This approach can safeguard computers by restricting them from executing malicious software.
For computers on which only software from a list of trusted applications can be installed and used, the aforementioned approach is justified and does not present any difficulties. However, it has a drawback: on computers that contain software which does not appear on the lists of trusted applications but is also not harmful, this software, which may be a large quantity of software, will be blocked.
Known solutions to this problem involve modifying the application control rules. However, these approaches either do not solve the problem of forming the application control rules from the standpoint of the safety of the computing device, or do not solve it effectively enough. Accordingly, there is a need in the field of computer security for more effective methods of generating application control rules.