Host Intrusion Prevention

for Windows

The Host Intrusion Prevention component prevents applications from performing actions that may be dangerous for the operating system, and ensures control over access to operating system resources and personal data. The component provides computer protection with the help of anti-virus databases and the Kaspersky Security Network cloud service.

The component controls the operation of applications by using application rights. Application rights include the following access parameters:

Access to operating system resources (for example, automatic startup options, registry keys)
Access to personal data (such as files and applications)

Network activity of applications is controlled by the Firewall using network rules.

During the first startup of the application, the Host Intrusion Prevention component performs the following actions:

Checks the security of the application using downloaded anti-virus databases.
Checks the security of the application in Kaspersky Security Network.
You are advised to participate in Kaspersky Security Network to help the Host Intrusion Prevention component work more effectively.
Places the application in one of the trust groups: Trusted, Low Restricted, High Restricted, Untrusted.
A trust group defines the rights that Kaspersky Endpoint Security refers to when controlling application activity. Kaspersky Endpoint Security places an application in a trust group depending on the level of danger that this application may pose to the computer.

Kaspersky Endpoint Security places an application in a trust group for the Firewall and Host Intrusion Prevention components. You cannot change the trust group only for the Firewall or Host Intrusion Prevention.

If you refused to participate in KSN or there is no network, Kaspersky Endpoint Security places the application in a trust group depending on the settings of the Host Intrusion Prevention component. After receiving the reputation of the application from KSN, the trust group can be changed automatically.
Blocks application actions depending on the trust group. For example, applications from the High Restricted trust group are denied access to the operating system modules.

The next time the application is started, Kaspersky Endpoint Security checks the integrity of the application. If the application is unchanged, the component uses the current application rights for it. If the application has been modified, Kaspersky Endpoint Security analyzes the application as if it were being started for the first time.

Host Intrusion Prevention settings for Pro View

Parameter	OS	Description
Scan exclusions	`Windows`	A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats. Scan exclusions make it possible to safely use legitimate software that can be exploited by criminals to damage the computer or user data. Although they do not have any malicious functions, such applications can be exploited by intruders. For details on legitimate software that can be used by intruders to damage your computer or personal data, please refer to the Kaspersky IT Encyclopedia website. Kaspersky Endpoint Security supports environment variables and the `*` and `?` characters when entering a mask.

Parameter

Description

Scan exclusions

Windows

A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats. Scan exclusions make it possible to safely use legitimate software that can be exploited by criminals to damage the computer or user data. Although they do not have any malicious functions, such applications can be exploited by intruders. For details on legitimate software that can be used by intruders to damage your computer or personal data, please refer to the Kaspersky IT Encyclopedia website.

Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.

Page top