Managing execution prevention for objects on the command line

On the command line, you can start and stop the application of execution prevention rules for objects using the following predefined tasks:

By default, the Execution prevention for objects (ICS EDR) (EDRO_Prevention) and Execution prevention for objects (KICS for Networks) (KicsPrevention) tasks are not started. You can start and stop the tasks manually.

You can start the Execution prevention for objects (ICS EDR) (EDRO_Prevention) task only if integration with Kaspersky Industrial CyberSecurity Endpoint Detection and Response is enabled. You can start the Execution prevention for objects (KICS for Networks) (KicsPrevention) task only if integration with Kaspersky Industrial CyberSecurity for Networks is enabled.

If the blocking mode of file operation interception is not enabled, execution prevention works in inform mode, regardless of the configured operating mode.

You can use the commands for managing object execution prevention rules to view the list of object execution prevention rules received from Kaspersky Industrial CyberSecurity Endpoint Detection and Response and Kaspersky Industrial CyberSecurity for Networks.

To view the list of object execution prevention rules from Kaspersky Industrial CyberSecurity Endpoint Detection and Response, run the following command:

kics-control [-T] --get-prevention-state --edro

To view the list of object execution prevention rules from Kaspersky Industrial CyberSecurity for Networks, run the following command:

kics-control [-T] --get-prevention-state --kics
