On the command line, you can start and stop the application of execution prevention rules for objects using the following predefined tasks:
By default, Execution prevention for objects (EDR (KATA)) (KATAEDR_Prevention) and Execution prevention for objects (EDR Optimum) (EDRO_Prevention) tasks are not started. You can start and stop these tasks manually.
You can run the Execution prevention for objects (EDR (KATA)) task only if integration with Kaspersky Endpoint Detection and Response (KATA) is enabled. You can run the Execution prevention for objects (EDR Optimum) task only if integration with Kaspersky Endpoint Detection and Response Optimum is enabled. Tasks are automatically stopped when the relevant integration is disabled.
You can use the commands for managing object execution prevention rules to view the list of object execution prevention rules received from Kaspersky Endpoint Detection and Response (KATA) and Kaspersky Endpoint Detection and Response Optimum.
To view the list of object execution prevention rules from Kaspersky Endpoint Detection and Response (KATA), run the following command:
kesl-control [-T] --get-prevention-state --kata
To view the list of object execution prevention rules from Kaspersky Endpoint Detection and Response Optimum, run the following command:
kesl-control [-T] --get-prevention-state --edro