Managing the set of Execution prevention rules

To configure the list of Execution prevention rules:

1. Do one of the following:
   • Open the application properties window for an individual device.
     1. In the main Kaspersky Security Center Web Console window select Devices → Managed devices.
     2. Select the device.
     3. In the <Device name> window that opens, select the Applications tab.
     4. Select Kaspersky Endpoint Agent.
     5. In the window that opens, select the Application settings tab.
   • Open the policy properties window.
     1. In the main Kaspersky Security Center Web Console window select Devices → Policies and profiles.
     2. Select the policy you want to configure.
     3. In the <Policy name> window that opens, select the Application settings tab.
2. Select the Execution Prevention section.
3. You can do the following actions in the Prevention rules group of settings:
   • Add a prevention rule to the list.
   • Change a prevention rule settings.
   • Remove a prevention rule from the list.
4. If you configure the policy settings, in the upper right corner of the group of settings, change the switch from Undefined to Enforce.
5. Click OK.
6. In the policy properties window, click Save.

When Kaspersky Endpoint Agent 3.9 is used, the prevention rules do not apply to files located on CDs or in ISO images. Execution or opening of such files is not blocked by the application.

When using Kaspersky Endpoint Agent 3.10 or later to create a prevention rule based on the path to a file located on a CD or in an ISO image, specify the path in the following format: \?\GLOBALROOT\Device\<device name>\<file path>, where <device name> is the name of the CD-ROM drive or mounted ISO image in your system. For example, the path might be like this: \?\GLOBALROOT\Device\CdRom1\some_file.exe.

When specifying objects by the file path criterion, you can use file masks (using the? and * characters).

Page top