You can remotely terminate processes using the Terminate process task. For example, you can remotely terminate an Internet speed testing utility that was started using the Process starttask.
If you want to prohibit running a file, you can configure the Execution prevention component. You can prohibit the execution of executable files, scripts, office format files.
The Terminate process task has the following limitations:
Processes of System Critical Objects (SCO) cannot be terminated. SCOs are files that the operating system and the Kaspersky Endpoint Security for Windows application require to be able to run.
You can configure the task for EDR Optimum in Web Console and Cloud Console. Task settings for EDR Expert are available only in Cloud Console.
To create a Terminate process task:
In the main window of the Web Console, select Devices → Tasks.
The list of tasks opens.
Click the Add button.
The Task Wizard starts.
Configure the task settings:
In the Application drop-down list, select Kaspersky Endpoint Security for Windows (12.0).
In the Task type drop-down list, select Process termination.
In the Task name field, enter a brief description.
In the Select devices to which the task will be assigned block, select the task scope.
Select devices according to the selected task scope option. Click the Next button.
Enter the account credentials of the user whose rights you want to use to run the task. Click the Next button.
By default, Kaspersky Endpoint Security starts the task as the system user account (SYSTEM).
Finish the wizard by clicking the Finish button.
A new task will be displayed in the list of tasks.
Click the new task.
The task properties window opens.
Select the Application settings tab.
To complete the process, you must select the file that you want to terminate. You can select a file in one of the following ways:
Enter the full name to the file.
Enter the hash of the file and the path to the file.
Enter the PID of the process (only for local tasks).
If the file is located on a network drive, enter the file path starting with \\, and not the drive letter. For example, \\server\shared_folder\file.exe. If the file path contains a network drive letter, you can get a File not found error.
In the task properties window, select the Schedule tab.
Configure the task schedule.
Wake-on-LAN is not available for this task. Make sure the computer is turned on to run the task.
Click the Save button.
Select the check box next to the task.
Click the Run button.
As a result, Kaspersky Endpoint Security terminates the process on the computer. For example, if a 'GAME' application is running and you terminate the game.exe process, the application is closed without saving data. You can view the results of the task in task properties in the Results section.