Creating a prevention rule

To create a prevention rule:

  1. Select the Prevention section in the program web interface window.

    This opens the prevention rule table

  2. Click the Add button.

    This opens the prevention rule creation window.

  3. Configure the following settings:
    1. State is the state of the prevention rule:
      • If you want to enable the prevention rule, set the toggle switch to On.
      • If you want to disable the prevention rule, set the toggle switch to Off.
    2. MD5/SHA256—MD5- or SHA256 hash of the file or data stream that you want to prevent from starting.
    3. Name is the name of the prevention rule.
    4. If you want the program to display a prevention rule triggering notification to the user of the computer on which the prevention is applied, select the Notify user about the task execution check box.

      If you selected the Notify user about the task execution check box and there is an attempt to start a file prevented from running, the user is notified that a startup prevention rule was triggered by this file.

    5. Prevent on is the prevention rule scope:
      • If you want to apply the prevention rule on all hosts of all servers, select All hosts.
      • If you want to apply the prevention rule on selected servers, select the Specified servers option and on the right of the Servers parameter name select the check boxes next to the names of the servers on which you want to apply the prevention rule.

        This option is available only when distributed solution and multitenancy mode is enabled.

      • If you want to apply the prevention rule on selected hosts, select the Specified hosts option and list these hosts in the Hosts field.

      Prevention rules cannot be created for hosts with the Kaspersky Endpoint Agent for Linux program. When creating a prevention rule, if you select a host with Kaspersky Endpoint Agent for Linux or all hosts as the scope of the rule, the rule is not applied or is only applied to hosts with Kaspersky Endpoint Agent for Windows.

  4. Click the Add button.

The file startup prevention will be created.

Users with the Security auditor role cannot create file launch prevention rules.

Users with the Security officer role do not have access to the prevention rules for launching files and processes on selected hosts using policies.

See also

Managing policies (prevention rules)

Viewing the prevention rule table

Viewing a prevention rule

Enabling and disabling a prevention rule

Enabling and disabling presets

Deleting prevention rules

Filtering prevention rules by name

Filtering prevention rules by type

Filtering prevention rules by file hash

Filtering prevention rules by server name

Clearing a prevention rule filter

Page top