By default, Exploit Prevention is enabled and functions in the optimal mode. Kaspersky Endpoint Security monitors executable files being run by vulnerable applications. If Kaspersky Endpoint Security detects that an executable file from a vulnerable application was run by something other than the user, Kaspersky Endpoint Security will perform the selected action (for example, will block the operation).
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Advanced Threat Protection → Exploit Prevention.
Use the Exploit Prevention check box to enable or disable the component.
Select the relevant action in the On detecting exploit block:
Block operation. If this item is selected, on detecting an exploit, Kaspersky Endpoint Security blocks the operations of this exploit and makes a log entry with information about this exploit.
Notify. If this item is selected, when Kaspersky Endpoint Security detects an exploit it logs an entry containing information about the exploit and adds information about this exploit to the list of active threats.
In the main window of the Web Console, select Devices → Policies & Profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Advanced Threat Protection → Exploit Prevention.
Use the Exploit Prevention toggle to enable or disable the component.
Select the relevant action in the On detecting exploit block:
Block operation. If this item is selected, on detecting an exploit, Kaspersky Endpoint Security blocks the operations of this exploit and makes a log entry with information about this exploit.
Notify. If this item is selected, when Kaspersky Endpoint Security detects an exploit it logs an entry containing information about the exploit and adds information about this exploit to the list of active threats.
In the application settings window, select Advanced Threat Protection → Exploit Prevention.
Exploit Prevention settings
Use the Exploit Prevention toggle to enable or disable the component.
Select the relevant action in the On detecting exploit block:
Block operation. If this item is selected, on detecting an exploit, Kaspersky Endpoint Security blocks the operations of this exploit and makes a log entry with information about this exploit.
Notify. If this item is selected, when Kaspersky Endpoint Security detects an exploit it logs an entry containing information about the exploit and adds information about this exploit to the list of active threats.