Support

Support for business applications

Kaspersky Endpoint Agent

Managing Kaspersky Endpoint Agent using the command line interface

Managing event filtering

Managing event filtering

November 17, 2023

ID 198513

To manage event filtering using the Kaspersky Endpoint Agent command line interface:

On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
Using the cd command, navigate to the folder where the Agent.exe file is located.
For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.
Run the following command and press ENTER:
agent.exe --event =<createprocess|loadimage|registry|network|eventlog|filechange|accountloggon|codeinjection|wmiactivity> --action=<enable|disable|show>

See also

Managing Kaspersky Endpoint Agent activation

Managing Kaspersky Endpoint Agent authentication

Configuring tracing

Configuring creating a dump of Kaspersky Endpoint Agent processes

Viewing information about quarantine settings and quarantined objects

Actions on quarantined objects

Managing Kaspersky Sandbox integration settings

Managing integration settings with KATA Central Node component

Managing integration settings with Kaspersky Industrial CyberSecurity for Networks

Running Kaspersky Endpoint Agent database and module update

Starting, stopping and viewing the current application status

Protecting the application with password

Protecting application services with PPL technology

Managing self-defense settings

Managing network isolation

Managing Standard IOC Scan tasks

Configuring and launching the Security Audit task

Creating a thumbprint for the certificate for signing files with OVAL or XCCDF rules

Creating a Kaspersky Security Center installation package with custom OVAL or XCCDF rules

Managing scanning of files and processes according to YARA rules

Managing scanning of autorun point objects according to YARA rules

Managing Execution prevention

Creating a memory dump

Creating a disk dump

Specifying the source of Network Isolation and Execution Prevention settings

Managing SIEM integration settings

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.

Thank you for your feedback! You're helping us improve.

Join us on Telegram

Release info, latest updates in the support lifecycle and new articles

QR code for opening Kaspersky Technical Support channel on Telegram