Protecting application services with PPL technology

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

Protection of application services using the Protected Process Light (PPL) technology is implemented in Kaspersky Endpoint Agent.

Protection of application services using the Protected Process Light (PPL) technology can be applied only for the following operating systems:

• For workstations: Windows 10 version 1703 RS2 and above
• For servers: Windows Server 2016 version 1709 and above

Processes that are running with the PPL flag cannot be stopped or changed by other processes without the PPL flag.

Usage of the PPL flag for the application services allows you to protect the services from malicious external influences and attempts to compromise the application.

To configure protection of application services by the PPL technology using the command line interface:

1. On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
2. Using the cd command, navigate to the folder where the Agent.exe file is located.

   For example, you can type the following command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Enter one of the following commands and press ENTER:
   • agent.exe --ppl=show [--pwd=<current user password>], to view the current status of application services protection by the PPL technology.
   • agent.exe --ppl=disable [--pwd=<current user password>], to disable the application services protection by the PPL technology.

Return codes of the --ppl command:

• 0 – command successfully executed.
• 2 – general error.
• 4 – syntax error.
• 8 – permission error.

See also Managing Kaspersky Endpoint Agent activation Managing Kaspersky Endpoint Agent authentication Configuring tracing Configuring Kaspersky Endpoint Agent connection settings to a proxy server Enabling and disabling integration with Kaspersky Sandbox Configuring Kaspersky Endpoint Agent connection settings to a proxy server Enabling and disabling integration with Kaspersky Sandbox About the activation code Hardware and software requirements Updating Kaspersky Endpoint Agent from the previous version Data in requests to Kaspersky Industrial CyberSecurity for Networks server Managing integration settings with Kaspersky Industrial CyberSecurity for Networks Enabling integration with Kaspersky Industrial CyberSecurity for Networks Configuring synchronization settings between Kaspersky Endpoint Agent and Kaspersky Industrial CyberSecurity for Networks Configuring creation of dump files Viewing information about quarantine settings and quarantined objects Actions on quarantined objects Managing Kaspersky Sandbox integration settings Managing integration settings with KATA Central Node component Managing integration settings with Kaspersky Industrial CyberSecurity for Networks Running Kaspersky Endpoint Agent database and module update Starting, stopping and viewing the current application status Protecting the application with password Managing self-defense settings Managing event filtering Managing network isolation Managing Standard IOC Scan tasks Managing YARA scan Managing Execution prevention

Page top