Execution prevention for objects

When integrated with Detection and Response solutions, as part of a threat response action, Kaspersky Endpoint Security can control the execution of executable files and scripts, as well as the opening of office application files on the device. Execution prevention for objects supports a certain set of file extensions for office applications and a certain set of script interpreters. By blocking the launch of objects, you can stop the spread of a threat.

Object execution prevention is based on execution prevention rules. An execution prevention rule is a set of criteria that the Kaspersky Endpoint Security application takes into account when responding to the execution of an object. The application blocks the execution of an object only if the object satisfies all criteria of an execution prevention rule. The application identifies files by their path or by their MD5 or SHA256 checksum.
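To check which on-disk files a planned rule would cover, the following Python example (added here for illustration; it is not Kaspersky code and does not reproduce the product's matching logic) evaluates rules with the all-criteria semantics described above against constructed sample files. The dict-based rule format, the function names and the path normalization are assumptions made for the example.

```python
import hashlib
import os
import tempfile

CRITERIA = ("path", "md5", "sha256")  # the identifiers the page names


def _canon(key, value):
    # Assumption: paths compare after absolute-path and OS case normalization;
    # digests compare case-insensitively as hex strings.
    if key == "path":
        return os.path.normcase(os.path.abspath(value))
    return value.lower()


def file_facts(path):
    """Return the canonical path and MD5/SHA256 digests, hashing in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"path": _canon("path", path),
            "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def rule_matches(rule, path):
    """True only if the object satisfies every criterion set in the rule."""
    if not rule or set(rule) - set(CRITERIA):
        raise ValueError("a rule needs one or more of: " + ", ".join(CRITERIA))
    facts = file_facts(path)
    return all(_canon(k, v) == facts[k] for k, v in rule.items())


def coverage_demo():
    """Build constructed sample files and report which ones each rule covers."""
    samples = {"original": b"constructed sample", "copy": b"constructed sample",
               "rebuilt": b"constructed sample v2"}
    with tempfile.TemporaryDirectory() as d:
        paths = {name: os.path.join(d, name + ".bin") for name in samples}
        for name, data in samples.items():
            with open(paths[name], "wb") as fh:
                fh.write(data)
        facts = file_facts(paths["original"])
        rules = {"sha256": {"sha256": facts["sha256"].upper()},
                 "path": {"path": paths["original"]},
                 "path+md5": {"path": paths["original"], "md5": facts["md5"]}}
        return {label: sorted(n for n in paths if rule_matches(rule, paths[n]))
                for label, rule in rules.items()}
```

In this example the checksum-only rule covers every file with identical content wherever it is stored, while a rule that also sets a path covers only the file at that location.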

The execution prevention functionality is available in the Kaspersky Endpoint Security application if one of the following conditions is satisfied:

Execution prevention for objects is disabled by default.

Enabling execution prevention for objects may affect the startup speed of applications in the operating system.

For object execution prevention to work, you need to enable execution prevention rules.

Special considerations for object execution prevention when integrated with Kaspersky Endpoint Detection and Response (KATA)

When Kaspersky Endpoint Security is integrated with the Kaspersky Endpoint Detection and Response (KATA) component, the application uses object execution prevention rules of the EDR (KATA) component. The application gets these rules from Kaspersky Endpoint Detection and Response (KATA).

When integrated with the Kaspersky Endpoint Detection and Response (KATA) component, you can:

Special considerations for object execution prevention when integrated with Kaspersky Endpoint Detection and Response Optimum

When Kaspersky Endpoint Security is integrated with the Kaspersky Endpoint Detection and Response Optimum solution, the application uses object execution prevention rules of the EDR Optimum component. You can create these rules manually in the Web Console. You can also create execution prevention rules automatically in the alert details window.

When integrated with Kaspersky Endpoint Detection and Response Optimum, you can:

When integrated with Kaspersky Endpoint Detection and Response Optimum, object execution prevention can work in one of two modes:

Limitations of execution prevention for objects

The following limitations apply to object execution prevention rules:

In this section

Configuring execution prevention for objects in the Web Console

Configuring object execution prevention in the Administration Console

Managing execution prevention for objects on the command line
