Selecting an action on a file from the incident card

For the Execution prevention rules to be applied on the device where the incident occurred, the active Kaspersky Endpoint Agent policy must be applied to this device. If the device, on which the incident occurred, is not managed by an active policy, the Execution prevention rule will not be created.

To select an action on a file from an incident card:

1. Open the incident card.
2. To quarantine the file detected during the incident, in the File section click the Quarantine button.
3. To prevent execution of a file detected during the incident, in the File section click the Prevent execution button.

When Kaspersky Endpoint Agent 3.9 is used, the prevention rules do not apply to files located on CDs or in ISO images. Execution or opening of such files is not blocked by the application.

Page top