Kaspersky Endpoint Security 12.7 for Windows

PREVENTION. Managing Execution prevention

Disabling the Execution prevention component or displaying the current settings of the component, including the list of execution prevention rules.

To run the command, go to the folder where the Kaspersky Endpoint Security executable file is located. You can also add the executable file path to the %PATH% system variable and run the command without navigating to the application folder.

Command syntax

avp.com prevention disable avp.com prevention /show

Upon executing the prevention /show command, you will get the following response:

prevention.enable=true|false

prevention.mode=audit|prevent

prevention.rules

id: <rule ID>

target: script|process|document

md5: <MD5 hash of the file>

sha256: <SHA256 hash of the file>

pattern: <path to the object>

case-sensitive: true|false

Command return values:

  • -1 means the command is not supported by the version of the application that is installed on the computer.
  • 0 means the command was executed successfully.
  • 1 means a mandatory argument was not passed to the command.
  • 2 means a general error occurred.
  • 4 means there was a syntax error.
  • 9 – wrong operation (for example, an attempt to disable the component when it is already disabled).