For Execution prevention rules to be applied on the device where an alert occurs, the active policy of an application that supports Kaspersky Endpoint Detection and Response Optimum functionality must be applied to the device. If the device on which an alert occurs is not managed by an active policy, an Execution prevention rule will not be created. For example, if Kaspersky Endpoint Security for Windows is the EPP application installed on the device, then a Kaspersky Endpoint Security for Windows policy must be applied to the device. If Kaspersky Endpoint Agent and an EPP application are installed on a device, the Kaspersky Endpoint Agent policy must be applied to the device.
To prevent file execution from the alert details:
File execution will be prevented. An Execution prevention rule will be added to the policy for the group the device belongs to.
Page top