Configuring Exploit Prevention on the command line

On the command line, you can manage Exploit Prevention using the settings of the Behavior Detection (Behavior_Detection) predefined task.

You can configure Exploit Prevention by editing the settings of the Behavior Detection predefined task (see the table below).

Exploit Prevention settings

Setting	Description	Values

`UseAEP`	Enable the Exploit Prevention component.	`Yes` enables Exploit Prevention. `No` (default) disables Exploit Prevention.
`AEPMode`	The action to take when an exploit is detected.	If set to `Block` (default), malicious activity of the exploit is blocked and an event is logged. If set to `Notify`, the activity of the exploit is not blocked, only information about the exploit being detected is recorded in the event log.
The [AEPExclusions.item_#] section contains exclusions from scanning for the Exploit Protection component.
`Enabled`	Enabling the exclusion from scanning of the Exploit Prevention protection component.	`Yes` (default value) – use the Exploit Prevention exclusion. `No` – do not use the Exploit Prevention exclusion.
`DetectName`	Excludes an object from scans by the name of the threat detected in the object. Before specifying a value for this setting, make sure that the `UseDetectName` setting is enabled.	In order to exclude an object from scans, specify the full name of the threat detected in this object – the string containing the application's decision that the object is infected. You can find the full name of the threat detected in an object in the application log or on the website https://threats.kaspersky.com.
`Hash`	Excludes an object in which a threat was detected by its hash. Before specifying a value for this setting, make sure that the `UseHash` setting is enabled.
`HashType`	The type of file hash that you want to use to exclude the file from scanning using the `Hash` parameter.	`Md5` – MD5 hash `Sha256` – SHA256 hash
`Path`	Excludes an object in which a threat was detected by its path. Before specifying a value for this setting, make sure that the `UseHash` setting is enabled.	`<full path to file or local directory>` — exclude the file or objects in the specified directory (including subdirectories) from scans. You can use the `*` and `?` characters in the path.
`UseDetectName`	Exclude objects containing the threats specified by the `DetectName` setting from scans.	`Yes` (default value) — exclude objects containing the threats specified by the `DetectName` setting from scans. `No`—Do not exclude from scanning the objects containing threats specified using the `DetectName` setting
`UseHash`	Exclude files with a detected threat by their hashes. The file hash is specified in the `Hash` parameter.	`Yes` (default value) – exclude a file with a detected threat by its hash. `No` – do not exclude a file with a detected threat by its hash.
`UsePath`	Exclude files with a detected threat by their paths. The path to the file is specified using the `Path` parameter.	`Yes` (default value) – exclude a file with a detected threat by its path. `No` – do not exclude a file with a detected threat by its path.

Page top