A rule is a set of reactions by Intrusion Prevention in response to actions that an application performs on various categories of operating system resources and personal data.
Intrusion Prevention can react to actions of an application in the following ways:
Inherit. Intrusion Prevention reacts to the activity of the application by applying the rule that is configured for the status that Intrusion Prevention has assigned to the application.
This response is applied by default. By default, Intrusion Prevention inherits access rights from the status that Intrusion Prevention has assigned to the application.
If you edited a rule for an application, the rule for the application will have a higher priority than the rule for the status that was assigned to the application.
Allow. Intrusion Prevention allows the application to perform the action.
Deny. Intrusion Prevention prevents the application from performing the action.
Ask user. If the Perform recommended actions automatically check box is cleared under Settings → Security settings → Exclusions and actions on object detection, Intrusion Prevention asks the user to decide. If the check box is selected, the action is chosen automatically. You can follow the footnote in Kaspersky application window to read about exactly which action will be selected.
Log events. Intrusion Prevention logs information about the application activity and responses to it in a report. Information can be added to a report in addition to any other action taken by Intrusion Prevention.