Host Intrusion Prevention

This component is available if Kaspersky Endpoint Security is installed on a computer that runs on Windows for workstations. This component is unavailable if Kaspersky Endpoint Security is installed on a computer that runs on Windows for servers.

The Host Intrusion Prevention component prevents applications from performing actions that may be dangerous for the operating system, and ensures control over access to operating system resources and personal data. The component provides computer protection with the help of anti-virus databases and the Kaspersky Security Network cloud service.

The component controls the operation of applications by using application rights. Application rights include the following access parameters:

Network activity of applications is controlled by the Firewall using network rules.

During the first startup of the application, the Host Intrusion Prevention component performs the following actions:

  1. Checks the security of the application using downloaded anti-virus databases.
  2. Checks the security of the application in Kaspersky Security Network.

    You are advised to participate in Kaspersky Security Network to help the Host Intrusion Prevention component work more effectively.

  3. Puts the application in one of the trust groups: Trusted, Low Restricted, High Restricted, Untrusted.

    A trust group defines the rights that Kaspersky Endpoint Security refers to when controlling application activity. Kaspersky Endpoint Security places an application in a trust group depending on the level of danger that this application may pose to the computer.

    The trust group that Kaspersky Endpoint Security assigns to an application applies to both the Firewall and Host Intrusion Prevention components. You cannot change the trust group for only one of these components.

    If you declined to participate in KSN or there is no network, Kaspersky Endpoint Security places the application in a trust group according to the settings of the Host Intrusion Prevention component. Once the reputation of the application is received from KSN, the trust group can be changed automatically.

  4. Blocks application actions depending on the trust group. For example, applications from the High Restricted trust group are denied access to the operating system modules.

The next time the application is started, Kaspersky Endpoint Security checks the integrity of the application. If the application is unchanged, the component uses the current application rights for it. If the application has been modified, Kaspersky Endpoint Security analyzes the application as if it were being started for the first time.
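The start-up flow described above, modelled as an added Python example (not Kaspersky code, and not how the product is implemented internally): a trust decision is reused only while the executable's bytes are unchanged, and a fallback group is replaced once a reputation verdict becomes available. Assumptions: SHA-256 stands in for the integrity check, re-querying at the next start stands in for the automatic group change, and `TrustCache`, the lookup callables, the default group "Low Restricted" and the sample path are hypothetical.

```python
import hashlib
from typing import Callable, Dict, Optional, Tuple

# Hypothetical verdict source: digest -> trust group, or None if unknown/unreachable.
Lookup = Callable[[str], Optional[str]]

def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class TrustCache:
    """Toy model: a trust decision stays valid only for the exact bytes it was made on."""
    def __init__(self, local_db: Lookup, cloud: Lookup, default_group: str):
        self.local_db, self.cloud, self.default_group = local_db, cloud, default_group
        self.records: Dict[str, Tuple[str, str, bool]] = {}  # path -> (digest, group, final)

    def on_start(self, path: str, image: bytes) -> Tuple[str, str]:
        digest = sha256_hex(image)  # assumption: integrity check modelled as SHA-256
        rec = self.records.get(path)
        if rec and rec[0] == digest and rec[2]:
            return rec[1], "unchanged; current rights reused"
        if rec is None:
            why = "first start"
        elif rec[0] != digest:
            why = "modified, analyzed as first start"
        else:
            why = "unchanged, reputation was pending"
        # Local databases first, then the cloud service; fall back to the configured group.
        verdict = self.local_db(digest) or self.cloud(digest)
        group = verdict or self.default_group
        source = "reputation" if verdict else "group from settings"
        self.records[path] = (digest, group, verdict is not None)
        return group, f"{why}; {source}"

def demo():
    """Constructed scenario: offline first start, reputation arrives, then the file changes."""
    v1, v2 = b"constructed image v1", b"constructed image v1, patched"
    reputation = {sha256_hex(v1): "Trusted", sha256_hex(v2): "Untrusted"}
    state = {"online": False}
    cloud = lambda d: reputation.get(d) if state["online"] else None
    cache = TrustCache(lambda d: None, cloud, default_group="Low Restricted")
    path = r"C:\tools\sample.exe"  # constructed path
    results = [cache.on_start(path, v1)]          # no network: fallback group
    state["online"] = True
    results.append(cache.on_start(path, v1))      # reputation now available
    results.append(cache.on_start(path, v1))      # unchanged: cached rights
    results.append(cache.on_start(path, v2))      # modified: re-analyzed
    return results
```

Calling `demo()` returns the four `(trust group, reason)` pairs in start order; the last one shows that a modified binary does not inherit the rights granted to the earlier version at the same path.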

In this section

Enabling and disabling Host Intrusion Prevention

Managing application trust groups

Managing application rights

Protecting operating system resources and personal data

Deleting information about unused applications

Monitoring Host Intrusion Prevention

Protecting access to audio and video
