Securing services of the application using the PPL technology

Kaspersky Endpoint Agent implements the protection of services (for example, the soyuz.exe service) using the Protected Process Light (PPL) technology.

Processes that are run with the PPL flag cannot be stopped or modified by other processes that do not have the PPL attribute.

Using the PPL flag for application services lets us secure the services from outside malicious activity or attempts to compromise the application.

To configure the protection of application services with the PPL technology using the Kaspersky Endpoint Agent command line interface:

1. On the workstation, run the command line interpreter (for example, Command Prompt cmd.exe) under the local administrator user account.
2. Use the cd command to change to the directory where the agent.exe file is located.

   For example, you can type cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Enter one of the following commands and press ENTER:
   • agent.exe --ppl=show [--pwd=<current user password>] if you want to view the current status of PPL protection of application services.
   • agent.exe --ppl=disable [--pwd=<current user password>] if you want to disable PPL protection of application services.

Return codes of the --ppl command:

• 0 – command executed successfully.
• 2 – general error.
• 4 – syntax error.
• 8 – access rights error.

See also Configuring tracing Configuring dump creation Viewing information about Quarantine options and quarantined objects Actions with quarantined objects Managing Kaspersky Sandbox integration options Running Kaspersky Endpoint Agent database update Running, stopping, and viewing the current state of the application Password protecting the application

Page top