Viewing the prevention rule table

The table of prevention rules is in the Prevention section of the program web interface window.

The table contains the following information:

1. Type—Type of prevention rule. Prevention rules can have the following types:
   • Global—Created on the PCN. These prevention rules apply to hosts that are connected to this PCN server and to all SCN servers that are connected to this PCN server. Prevention rules belong to the organization for which the user is working in the program web interface.
   • Local—Created on the SCN server. These prevention rules apply only to hosts that are connected to this SCN server. Prevention rules belong to the organization for which the user is working in the program web interface (if you are using distributed solution and multitenancy mode).
2. Name is the name of the prevention rule.
3. Servers are names of servers with the PCN or SCN role to which the prevention rule applies.

   This field is displayed only when you are using distributed solution and multitenancy mode.

   Operation mode in which the program can be used to protect the infrastructure of several organizations simultaneously.

   Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a master control server (Primary Central Node (PCN)) and slave servers (Secondary Central Nodes (SCN)).

4. Hosts is the name of the server with the Central Node component to whose hosts the prevention rule is applied.

   This field is displayed only when you are using a standalone Central Node server.

5. File hash—Hashing algorithm applied to identify a file.

   A file can be identified based on one of the following hashing algorithms:

   • MD5.
   • SHA256.

   Clicking the link with the name of the hashing algorithm opens a list in which you can view the file hash and select one of the following actions:

   • Filter by this value.
   • Exclude from filter.
   • Find on KL TIP.

     Kaspersky information system Contains and displays reputation information for files and URL addresses.

   • Find on virustotal.com (for SHA256).
   • Find events.

     When this action is performed, the Threat Hunting section opens with events that are already filtered based on the hash you selected.

   • Find alerts.

     When this action is performed, the Alerts section opens with alerts that are already filtered based on the hash you selected.

   • Enable prevention rule.
   • Disable prevention rule.
   • Delete prevention rule.
   • Copy value to clipboard.
6. State is the current state of the prevention rule.

   A prevention rule can have one of the following states:

   • Enabled
   • Disabled

See also Managing policies (prevention rules) Viewing a prevention rule Creating a prevention rule Enabling and disabling a prevention rule Enabling and disabling presets Deleting prevention rules Filtering prevention rules by name Filtering prevention rules by type Filtering prevention rules by file hash Filtering prevention rules by server name Clearing a prevention rule filter

Page top