Protection of services (for example, the soyuz.exe service) using the Protected Process Light (PPL) technology is implemented in Kaspersky Endpoint Agent.
Processes that are running with the PPL flag cannot be stopped or changed by other processes without the PPL flag.
Usage of the PPL flag for the application services allows you to protect the services from malicious external influences and attempts to compromise the application.
To configure protection of application services by the PPL technology through the command line interface:
cd
command, navigate to the folder where the Agent.exe file is located.For example, you can type the following command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\"
and press ENTER.
agent.exe --ppl=show [--pwd=<current user password>]
, to view the current status of application services protection by the PPL technology.agent.exe --ppl=disable [--pwd=<current user password>]
, to disable the application services protection by the PPL technology.Return codes of the --ppl
command: