Preventing a file execution from the alert details

For Execution prevention rules to be applied on the device where the alert occurred, the active policy of the application that supports Kaspersky Endpoint Detection and Response Optimum functionality must be applied to this device. If the device on which the alert occurred is not managed by an active policy, the Execution prevention rule will not be created. For example, if the Kaspersky Endpoint Security for Windows EPP application is installed on the device, the Kaspersky Endpoint Security for Windows policy must be applied to this device. If Kaspersky Endpoint Agent and an EPP application, such as Kaspersky Security for Windows Server, are installed on a device, the Kaspersky Endpoint Agent policy must be applied to this device.

To prevent file execution from the alert details:

  1. Open the alert details.
  2. In the File section, click the Prevent execution button.

The file execution will be prevented. An Execution prevention rule will be added to the policy for the group the device belongs to.
