Selecting an action on a file from the incident card

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

For the Execution prevention rules to be applied on the device where the incident occurred, the active Kaspersky Endpoint Agent policy must be applied to this device. If the device, on which the incident occurred, is not managed by an active policy, the Execution prevention rule will not be created.

To select an action on a file from an incident card:

  1. Open the incident card.
  2. To quarantine the file detected during the incident, in the File section click the Quarantine button.
  3. To prevent execution of a file detected during the incident, in the File section click the Prevent execution button.

When Kaspersky Endpoint Agent 3.9 is used, the prevention rules do not apply to files located on CDs or in ISO images. Execution or opening of such files is not blocked by the application.

Page top