You can remotely terminate processes using the Terminate process task. For example, you can remotely terminate an Internet speed testing utility that was started using the Start process task.
If you want to prohibit running a file, you can configure the Execution prevention component. You can prohibit the execution of executable files, scripts, and office format files.
The Terminate process task has the following limitations:
Processes of System Critical Objects (SCO) cannot be terminated. SCOs are files that the operating system and the Kaspersky Endpoint Security application require to be able to run.
You can configure the task for EDR Optimum in Web Console.
To create a Terminate process task:
In the main window of the Web Console, select Devices > Tasks.
The list of tasks opens.
Click Add.
The New task wizard starts.
Configure the task settings:
In the Application drop-down list, select Kaspersky Endpoint Security for Mac (12.1).
In the Task type drop-down list, select Terminate process.
In the Task name field, enter a brief description.
The task is assigned to devices included in an administration group. You can specify one of the existing groups or create a new one.
For example, you may want to use this option to run a task that sends a message to users if the message is specific to devices included in a particular administration group.
If a task is assigned to an administration group, the Security tab is not displayed in the task properties window because group tasks are subject to the security settings of the groups to which they apply.
You can specify NetBIOS names, DNS names, IP addresses, and IP subnets of devices to which you want to assign the task.
You may want to use this option to execute a task for a specific subnet. For example, you may want to install a certain application on devices of accountants or to scan devices in a subnet that is probably infected.
The task is assigned to devices included in a device selection. You can specify one of the existing selections.
For example, you may want to use this option to run a task on devices with a specific operating system version.
Select devices according to the selected task scope option.
At the Task scope step, specify an administration group, devices with specific addresses, or a device selection.
The available settings depend on the option selected at the previous step.
At this step of the wizard, in the Specify the file whose processes should be terminated drop-down list, select one of the options and fill in the required fields. To specify the file, you must enter the full path to the file, or both the file hash and the path.
Note: If you're creating this task for a local device, you can specify the process by PID.
Enter the account credentials of the user whose rights you want to use to run the task. Click Next.
Note: By default, Kaspersky Endpoint Security starts the task as the system user account (root).
At the Finish task creation step, click the Finish button to create the task and close the wizard.
If you enabled the Open task details when creation is complete option, the task settings window opens. In this window, you can check the task parameters, modify them, or configure a task start schedule, if necessary.
Click the new task.
The task properties window opens.
Select the Schedule tab.
Configure the task schedule.
Note: Make sure the computer is turned on to run the task.
Click the Save button.
To run the task immediately regardless of the configured schedule, do the following:
Select the checkbox next to the task.
Click the Run button.
As a result, Kaspersky Endpoint Security terminates the process on the computer. For example, if a Game application is running and you terminate the Game process, the application is closed without saving data. You can view the results of the task in task properties in the Results section.