Preventing file execution from alert details

For Execution prevention rules to be applied on the device where an alert occurs, the active policy of an application that supports Kaspersky Endpoint Detection and Response Optimum functionality must be applied to the device. If the device on which an alert occurs is not managed by an active policy, an Execution prevention rule will not be created. For example, if Kaspersky Endpoint Security for Windows is the EPP application installed on the device, then a Kaspersky Endpoint Security for Windows policy must be applied to the device. If Kaspersky Endpoint Agent and an EPP application are installed on a device, the Kaspersky Endpoint Agent policy must be applied to the device.

This functionality is not supported by Kaspersky Endpoint Security for Linux 12.1.

To prevent file execution from the alert details:

  1. Open the alert details.
  2. In the File section, click the Prevent execution button.

File execution will be prevented. An Execution prevention rule will be added to the policy for the group the device belongs to.
