Managing event filtering

To manage event filtering using the Kaspersky Endpoint Agent command line interface:

1. On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
2. Using the cd command, navigate to the folder where the Agent.exe file is located.

   For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Run the following command and press ENTER:

   agent.exe --event =<createprocess|loadimage|registry|network|eventlog|filechange|accountloggon|codeinjection|wmiactivity> --action=<enable|disable|show>

See also Managing Kaspersky Endpoint Agent activation Managing Kaspersky Endpoint Agent authentication Configuring tracing Configuring creating a dump of Kaspersky Endpoint Agent processes Viewing information about quarantine settings and quarantined objects Actions on quarantined objects Managing Kaspersky Sandbox integration settings Managing integration settings with KATA Central Node component Managing integration settings with Kaspersky Industrial CyberSecurity for Networks Running Kaspersky Endpoint Agent database and module update Starting, stopping and viewing the current application status Protecting the application with password Protecting application services with PPL technology Managing self-defense settings Managing network isolation Managing Standard IOC Scan tasks Configuring and launching the Security Audit task Creating a thumbprint for the certificate for signing files with OVAL or XCCDF rules Creating a Kaspersky Security Center installation package with custom OVAL or XCCDF rules Managing scanning of files and processes according to YARA rules Managing scanning of autorun point objects according to YARA rules Managing Execution prevention Creating a memory dump Creating a disk dump Specifying the source of Network Isolation and Execution Prevention settings Managing SIEM integration settings

Page top