On the command line, you can start and stop the application of execution prevention rules for objects using the following predefined tasks:
By default, Execution prevention for objects (EDR (KATA)) (KATAEDR_Prevention) and Execution prevention for objects (EDR Optimum) (EDRO_Prevention) tasks are not started. You can start and stop these tasks manually.
You can run the Execution prevention for objects (EDR (KATA)) task only if integration with Kaspersky Endpoint Detection and Response (KATA) is enabled. You can run the Execution prevention for objects (EDR Optimum) task only if integration with Kaspersky Endpoint Detection and Response Optimum is enabled.
You can use object execution prevention rule management commands to view the list of object execution prevention rules of the EDR (KATA) and EDR Optimum components.
To view the list of EDR (KATA) object execution prevention rules, run the following command:
kesl-control [-T] --get-prevention-state --kata
To view the list of EDR Optimum object execution prevention rules, run the following command:
kesl-control [-T] --get-prevention-state --edro