Kaspersky Endpoint Agent

About Execution prevention

November 17, 2023

ID 196275

You can manage the Execution prevention rules for executable files and scripts, as well as the rules for opening office-format files, on the selected devices. For example, you can prevent the launch of applications whose usage is considered unsafe on a selected device with Kaspersky Endpoint Agent. The application identifies files by their paths or by their checksums, using the MD5 and SHA256 hash algorithms.

An Execution prevention rule is a set of criteria that are considered when preventing an object from being executed. The object must meet all the criteria of the Execution prevention rule in order for the application to block it from being executed.

The settings of the Execution prevention rules can be managed by using Kaspersky Security Center or from the command line.

When Kaspersky Endpoint Agent 3.9 is used, the prevention rules do not apply to files located on CDs or in ISO images. Execution or opening of such files is not blocked by the application.

Execution prevention rules mode

You can select one of the following modes of applying Execution prevention rules:

  • Statistics only.

    In this mode, Kaspersky Endpoint Agent records an event in the Windows Event Log and in Kaspersky Security Center about attempts to execute objects or open documents that meet the criteria of the Execution prevention rules, but does not block the execution or opening of these objects.

  • Active.

    In this mode, Kaspersky Endpoint Agent blocks the execution of objects or the opening of documents that meet the criteria of the Execution prevention rules.

When you enable Execution prevention in Kaspersky Security Center, the Statistics only mode is selected by default.
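
The all-criteria matching and the two modes described above, modeled as an added illustration (this is not Kaspersky code and not the product's rule format). The Rule class, the mode strings, the sample content and the exact, case-insensitive path comparison are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed sample content; stands in for an executable's bytes.
SAMPLE = b"constructed sample, not a real binary"

@dataclass
class Rule:
    # Hypothetical model of a rule: None means the criterion is not set.
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None

def checksums(data: bytes):
    """Return (md5_hex, sha256_hex) for the given content."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()

def matches(rule: Rule, path: str, data: bytes) -> bool:
    """True only if the object meets every criterion set in the rule."""
    md5, sha256 = checksums(data)
    checks = []
    if rule.path is not None:
        # Assumption: exact, case-insensitive comparison of full paths.
        checks.append(rule.path.lower() == path.lower())
    if rule.md5 is not None:
        checks.append(rule.md5.lower() == md5)
    if rule.sha256 is not None:
        checks.append(rule.sha256.lower() == sha256)
    return bool(checks) and all(checks)

def decide(rules, mode: str, path: str, data: bytes) -> str:
    """Map a launch attempt to 'allow', 'report' or 'block'."""
    if not any(matches(r, path, data) for r in rules):
        return "allow"
    # Statistics only: the attempt is recorded but not blocked.
    return "block" if mode == "active" else "report"

if __name__ == "__main__":
    _, sha = checksums(SAMPLE)
    rule = Rule(path=r"C:\Tools\sample.exe", sha256=sha)
    for p in (r"C:\Tools\sample.exe", r"C:\Temp\sample.exe"):
        for mode in ("statistics_only", "active"):
            print(p, mode, decide([rule], mode, p, SAMPLE))
```

In this model the same content at a different path is not matched by the path-plus-checksum rule, because every criterion set in a rule must be met.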

User notification about a triggered Execution prevention rule

You can select the Notify device user about prevention option. If Execution prevention is used in the Active mode and the Notify device user about prevention option is selected, pop-up notifications with information about the triggered Execution prevention rules are displayed on the protected devices. If the device user does not close the pop-up notification, it closes automatically 60 seconds after it appears. By default, the Notify device user about prevention option is disabled.
