You can configure Execution prevention rules for executable files and scripts, as well as for opening office documents on the selected devices. For example, you can prevent launching applications considered unsafe on the selected device protected by Kaspersky Endpoint Detection and Response Optimum. The application identifies the files by their paths or checksums based on MD5 and SHA256 hash algorithms.
An Execution prevention rule is a set of criteria considered when preventing the execution of an object. The object must meet all the criteria of the Execution prevention rule in order for the application to block its execution.
Kaspersky Endpoint Detection and Response Optimum has the following modes for applying Execution prevention rules:
In this mode, the EPP application blocks the execution of objects and the opening of documents that match the criteria in Execution prevention rules.
In this mode, the EPP application records an event in the Windows Event Log and Kaspersky Security Center about attempts to execute objects or open documents that meet the criteria in Execution prevention rules, but it does not block the execution or opening of these objects.
For information on enabling execution prevention, configuring its settings, and managing execution prevention rules from the command line, refer to the Kaspersky Endpoint Security for Windows Help and Kaspersky Endpoint Agent Help.
You can also prevent file execution from the alert details window.
If Kaspersky Endpoint Security for Windows 11.10.0 or later is installed on the organization's computers, this response action is not available for System Critical Objects (SCOs). SCOs include files required for the operation of the operating system and Kaspersky Endpoint Security for Windows. For details, refer to the Kaspersky Endpoint Security for Windows Help.
Page top