You can configure execution prevention rules for executable files and scripts, as well as for opening office-format files on the selected devices. For example, you can prevent launching the applications whose usage is considered unsafe on the selected device protected by Kaspersky Endpoint Detection and Response Optimum. The application identifies the files by their paths or checksums using MD5 and SHA256 hash algorithms.
Execution prevention rule is a set of criteria that are considered when preventing an object from execution. The object must meet all the criteria of the Execution prevention rule in order for the application to block it from execution.
Kaspersky Endpoint Detection and Response Optimum has the following modes for applying execution prevention rules:
For information on enabling execution prevention, configuring its settings and managing execution prevention rules from the command line, refer to Kaspersky Endpoint Security for Windows Help and Kaspersky Endpoint Agent Help.
You can also prevent the file execution from the alert details window.
If Kaspersky Endpoint Security for Windows 11.10.0 or later is installed on the organization computers, this response action is not available for System Critical Objects (also referred to as SCO). SCOs include files required for the functioning of operating system and Kaspersky Endpoint Security for Windows. For details, refer to Kaspersky Endpoint Security for Windows Help.
Page top