Managing event filtering

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To manage event filtering using the command line interface:

1. On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
2. Using the cd command, navigate to the folder where the Agent.exe file is located.

   For example, you can type the following command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Run the following command and press ENTER:

   agent.exe --event =<createprocess|loadimage|registry|network|eventlog|filechange|accountloggon|codeinjection|wmiactivity> --action=<enable|disable|show>

See also Managing Kaspersky Endpoint Agent activation Managing Kaspersky Endpoint Agent authentication Configuring tracing Configuring creation of dump files Viewing information about quarantine settings and quarantined objects Actions on quarantined objects Managing integration settings with KATA Central Node component Running Kaspersky Endpoint Agent database and module update Starting, stopping and viewing the current application status Protecting the application with password Protecting application services with PPL technology Managing self-defense settings Managing network isolation Managing Standard IOC Scan tasks Managing YARA scan

Page top