Following a recommendation to prevent a file from running

To follow a recommendation to prevent a file from running:

In the recommendations box, select Create a prevention rule.
This opens the prevention rule creation window with the MD5 or SHA256 hash of the file from the event you are working on.
Configure the following settings:
1. State is the state of the prevention rule:
  - If you want to enable the prevention rule, set the toggle switch to On.
  - If you want to disable the prevention rule, set the toggle switch to Off.
2. Name is the name of the prevention rule.
3. If you want the program to display a prevention rule triggering notification to the user of the computer on which the prevention is applied, select the Notify user about the task execution check box.
4. If you want to change the scope of the prevention rule, configure the Prevent on setting:
  - If you want to apply the prevention rule on all hosts of all servers, select All hosts.
  - If you want to apply the prevention rule on selected servers, select the Specified servers option and on the right of the Servers parameter name select the check boxes next to the names of the servers on which you want to apply the prevention rule.
    This option is available only when distributed solution and multitenancy mode is enabled.
    
    Operation mode in which the program can be used to protect the infrastructure of several organizations simultaneously.
  - If you want to apply the prevention rule on selected hosts, select the Specified hosts option and list these hosts in the Hosts field.
Click the Add button.

The file run prevention is created.

Information about the created prevention is displayed in the Prevention section of the web interface.

If you selected the Notify user about the task execution check box and there is an attempt to start a file prevented from running, the user is notified that a startup prevention rule was triggered by this file.

Users with the Security auditor and Security officer roles cannot prevent file execution.