Kaspersky Anti Targeted Attack Platform

Viewing a prevention rule

To view information about a prevention rule:

  1. Select the Prevention section in the program web interface window.

    This opens the prevention rule table.

  2. Select the prevention rule that you want to view.

A prevention rule contains the following information:

  • The Events link opens the Threat Hunting section with the search condition containing your selected prevention rule.
  • State is the current state of the prevention rule.

    A prevention rule can have one of the following states:

    • Enabled
    • Limited functionality
  • The Details tab contains the following information:
    • MD5/SHA256 is the hash of the file prevented from running.

      Clicking the MD5/SHA256 link opens a list in which you can select one of the following actions:

    • Name is the name of the prevention rule or file prevented from running.
    • Type is the type of the prevention rule. A prevention rule can be one of the following types:
      • Global: created on the PCN. These prevention rules apply to hosts that are connected to this PCN server and to all SCN servers that are connected to this PCN server. Prevention rules belong to the organization for which the user is working in the program web interface.
      • Local: created on the SCN server. These prevention rules apply only to hosts that are connected to this SCN server. Prevention rules belong to the organization for which the user is working in the program web interface (if you are using the distributed solution and multitenancy mode).
    • Notification is the state of the Notify user about the task execution setting.
    • Prevent on is the list of hosts on which the prevention rule is applied.

      If the prevention rule is in effect on all hosts, the All hosts section is displayed.

  • The Change log tab contains a list of changes made to the prevention rule: the time of the change, the name of the user who changed the prevention rule, and the actions taken on the prevention rule.

See also

  • Managing policies (prevention rules)
  • Viewing the prevention rule table
  • Creating a prevention rule
  • Enabling and disabling a prevention rule
  • Deleting prevention rules
  • Filtering prevention rules by name
  • Filtering prevention rules by type
  • Filtering prevention rules by file hash
  • Filtering prevention rules by server name
  • Clearing a prevention rule filter