You can manage execution prevention rules for executable files and scripts, as well as for opening office-format files on the selected devices. For example, you can prevent launching the applications whose usage is considered unsafe on the selected device with Kaspersky Endpoint Agent installed. The application identifies the files by their paths or checksums using MD5 and SHA256 hash algorithms.
Execution prevention rule is a set of criteria that are considered when preventing an object from execution. The object must meet all the criteria of the Execution prevention rule in order for the application to block it from execution.
Settings of the Execution prevention rules can be managed using Kaspersky Security Center or from the command line.
When Kaspersky Endpoint Agent 3.9 is used, the prevention rules do not apply to files located on CDs or in ISO images. Execution or opening of such files is not blocked by the application.
Execution prevention rules mode
You can select one of the following modes of applying Execution prevention rules:
In this mode, Kaspersky Endpoint Agent records to the Windows Event Log and to Kaspersky Security Center an event about attempts to execute objects or open documents that meet the criteria of the Execution prevention rules, but does not block execution or opening these objects.
In this mode, Kaspersky Endpoint Agent blocks execution of the objects or opening the documents that meet criteria of the Execution prevention rules.
When you enable Execution prevention in Kaspersky Security Center, the Statistics only mode is selected by default.
User notification about a triggered Execution prevention rule
You can select the Notify device user about Execution prevention option. If Execution prevention is used in the Active mode and the Notify device user about Execution prevention option is selected, pop-up notifications will be displayed on the protected devices with information about the triggered Execution prevention rules. If the device user does not close the pop-up notification, it will close automatically in 60 seconds after it appears. By default, the Notify device user about Execution prevention option is disabled.
Page top