This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
To configure the list of Execution prevention rules:
In the main Kaspersky Security Center Web Console window select Devices → Policies and profiles.
Select the policy you want to configure.
In the <Policy name> window that opens, select the Application settings tab.
Select the Execution Prevention section.
You can do the following actions in the Prevention rules group of settings:
Add a prevention rule to the list.
Change a prevention rule's settings.
Remove a prevention rule from the list.
In the Prevention rules group of settings, select the Do not perform actions on critical system files check box if you want to exclude critical system files from the scope of prevention rules.
If you configure the policy settings, in the upper right corner of the group of settings, change the switch from Undefined to Enforce.
Click OK.
In the policy properties window, click Save.
When Kaspersky Endpoint Agent 3.9 is used, the prevention rules do not apply to files located on CDs or in ISO images. Execution or opening of such files is not blocked by the application.
When using Kaspersky Endpoint Agent 3.10 or later to create a prevention rule based on the path to a file located on a CD or in an ISO image, specify the path in the following format: \?\GLOBALROOT\Device\<device name>\<file path>, where <device name> is the name of the CD-ROM drive or mounted ISO image in your system. For example, the path might look like this: \?\GLOBALROOT\Device\CdRom1\some_file.exe.
When specifying objects by the file path criterion, you can use file masks (using the ? and * characters).