Selecting an action on a file from the incident card

To perform the actions selected in the incident card, the active Kaspersky Endpoint Agent policy must be applied to the device on which the incident occurred. If the device, on which the incident occurred, is not managed by the active policy, the rule to prevent the file execution or the device isolation will not be created.

To select an action on a file from an incident card:

1. Open the incident card.
2. To quarantine the file detected during the incident, in the File section click the Quarantine button.
3. To prevent execution of a file detected during the incident, in the File section click the Prevent execution button.

Execution prevention rules do not apply to files located on compact-disks or in ISO-images. Execution or opening of such files is not prevented by the application.

Page top