The Host Intrusion Prevention component prevents applications from performing actions that may be dangerous for the operating system, and ensures control over access to operating system resources and personal data.
This component controls the activity of applications, including their access to protected resources (such as files and folders, registry keys) by using application rights. Application rights are a set of restrictions that apply to various actions of applications in the operating system and to rights to access computer resources.
The network activity of applications is monitored by the Firewall component.
When an application is started for the first time, the Host Intrusion Prevention component checks the security of the application and places it into one of the trust groups. A trust group defines the rights that Kaspersky Endpoint Security refers to when controlling application activity.
You are advised to participate in Kaspersky Security Network to help the Host Intrusion Prevention component work more effectively. Data that is obtained through Kaspersky Security Network allows you to sort applications into groups with more accuracy and to use optimum application rights.
The next time the application starts, Host Intrusion Prevention verifies the integrity of the application. If the application is unchanged, the component uses the current application rights for it. If the application has been modified, Host Intrusion Prevention analyzes the application as if it were being started for the first time.
Host Intrusion Prevention component settings
Parameter |
Description |
|---|---|
Application rights |
Consolidated list of all applications that are installed on computers managed by the policy. |
Protected resources |
The list contains categorized computer resources. The Host Intrusion Prevention component monitors attempts by other applications to access resources in the list. A resource can be a category, file or folder, or registry key. If the check box next to a resource is selected, the Host Intrusion Prevention component protects the resource. |
Update rights for previously unknown applications from KSN database |
If the check box is selected, the Host Intrusion Prevention component updates rights for previously unknown applications by using the Kaspersky Security Network database. |
Trust applications that have a digital signature |
If this check box is selected, the Host Intrusion Prevention component places digitally signed applications in the Trusted group. If this check box is cleared, the Host Intrusion Prevention component does not consider digitally signed applications to be trusted, and uses other parameters to determine their trust group. |
Delete rights for applications that are not started for more than N days |
If the check box is selected, Kaspersky Endpoint Security automatically deletes information about the application (trust group and access rights) if the following conditions are met:
If the trust group and rights of an application were determined automatically, Kaspersky Endpoint Security deletes information about this application after 30 days. It is not possible to change the storage term for application information or turn off automatic deletion. The next time you start this application, Kaspersky Endpoint Security analyzes the application as if it were starting for the first time. |
If a trust group cannot be defined, automatically move applications to |
Items in this drop-down list determine to which trust group Kaspersky Endpoint Security will assign an unknown application. You can choose one of the following items:
|
Applications launched before Kaspersky Endpoint Security for Windows are automatically moved to the trust group |
Items in this drop-down list determine in which trust group Kaspersky Endpoint Security will place applications that are started before Kaspersky Endpoint Security. You can choose one of the following items:
|