Configuring object execution prevention when integrated with the Kaspersky Endpoint Detection and Response (KATA) component
When integrated with the Kaspersky Endpoint Detection and Response (KATA) component, you can enable or disable object execution prevention in the policy properties (Application settings → Detection and Response → Endpoint Detection and Response (KATA)).
The Execution prevention toggle switch under Execution prevention enables or disables execution prevention rules of the EDR (KATA) component.
You can enable execution prevention rules only if integration with Kaspersky Endpoint Detection and Response (KATA) is enabled.
Configuring object execution prevention when integrated with Kaspersky Endpoint Detection and Response Optimum
When integrated with the Kaspersky Endpoint Detection and Response Optimum component, you can enable or disable object execution prevention and configure object execution prevention rules of the EDR (KATA) component:
Object execution prevention cannot be enabled or disabled in the device properties if a policy is applied to the device.
Object execution prevention settings when integrated with Kaspersky Endpoint Detection and Response Optimum
Setting | Description |
---|---|
Execution prevention for objects is enabled/disabled | Enables or disables EDR Optimum rules for execution prevention for objects. By default, rules are not applied. You can enable execution prevention rules only if integration with Kaspersky Endpoint Detection and Response Optimum is enabled. |
Action when starting or opening an object | You can select the mode of object execution prevention: |
List of object execution prevention rules | The Add link opens a window in which you can configure an object execution prevention rule of the EDR Optimum component. If necessary, you can remove a rule from the list by clicking the Delete button. |
To add a rule to the list of object execution prevention rules of the EDR Optimum component:
You can enable or disable the created rule at any time.
If you select the wrong object type, the application will be unable to block the file or script.
To specify a path to an object, select Use path and enter the path to the object.
To specify an object checksum, select the SHA256 or MD5 option and enter the object checksum.
The created rule is added to the list of rules in the Execution prevention for objects settings block.
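Before entering a checksum in a rule, it helps to compute it from the exact file you intend to block and to confirm that a value copied from elsewhere is well formed and of the type you selected. The following is an added example, not Kaspersky code; the function names are hypothetical, and it assumes checksums are entered as plain hexadecimal digests and that Python 3.9 or later is available.

```python
import hashlib
import re
import sys

# Hex digest lengths for the two checksum types the rule window offers.
DIGEST_HEX_LEN = {"SHA256": 64, "MD5": 32}


def file_checksums(path, chunk_size=1 << 20):
    """Return {'SHA256': hex, 'MD5': hex} for a file, reading it in chunks."""
    hashers = {
        "SHA256": hashlib.sha256(),
        # MD5 is used only as an identifier here, not for security decisions.
        "MD5": hashlib.md5(usedforsecurity=False),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def checksum_type(value):
    """Classify a pasted checksum as 'SHA256' or 'MD5'; None if malformed."""
    value = value.strip()
    if not re.fullmatch(r"[0-9a-fA-F]+", value):
        return None
    for name, length in DIGEST_HEX_LEN.items():
        if len(value) == length:
            return name
    return None


def verify_rule_checksum(path, value):
    """Return the checksum type if value matches the file at path, else None."""
    kind = checksum_type(value)
    if kind is None:
        return None
    actual = file_checksums(path)[kind]
    return kind if actual == value.strip().lower() else None


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python checksums.py /path/to/object
    for name, digest in file_checksums(sys.argv[1]).items():
        print(f"{name}: {digest}")
```

A checksum identifies one exact file content, so any modified or rebuilt copy of the object has a different checksum. MD5 is collision-prone, so SHA256 is the safer choice when both are available.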