Protecting operating system resources and personal data
The Host Intrusion Prevention component manages the rights of applications to take actions on various categories of operating system resources and personal data. Kaspersky specialists have established preset categories of protected resources. For example, the Operating system category has a Startup settings subcategory that lists all the registry keys associated with autorun of applications. You cannot edit or delete the preset categories of protected resources or the protected resources that are within these categories.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Advanced Threat Protection → Host Intrusion Prevention.
Intrusion Prevention settings
In the Application rights and protected resources block, click the Settings button.
This opens the application rights configuration window and the list of protected resources.
Select the Protected resources tab.
You will see a list of protected resources in the left part of the window and the corresponding rights for accessing those resources depending on the specific trust group.
Select the category of protected resources to which you want to add a new protected resource.
If you want to add a subcategory, click Add → Category.
Click the Add button. In the drop-down list, select the type of resource that you want to add: File or folder or Registry key.
In the window that opens, select a file, folder, or registry key.
You can view applications' rights to access the added resources. To do so, select an added resource in the left part of the window and Kaspersky Endpoint Security will show the access rights for each trust group. You can also disable control of application activity with resources by using the check box next to a new resource.
In the main window of the Web Console, select Devices → Policies & Profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Advanced Threat Protection → Host Intrusion Prevention.
Intrusion Prevention settings
In the Application rights and protected resources block, click the Application rights and protected resources link.
This opens the application rights configuration window and the list of protected resources.
Select the Protected resources tab.
You will see a list of protected resources in the left part of the window and the corresponding rights for accessing those resources depending on the specific trust group.
Click Add.
The New Resource Wizard starts.
Click the Group name link to select the category of protected resources to which you want to add a new protected resource.
If you want to add a subcategory, select the Category of protected resources option.
Select the type of resource that you want to add: File or folder or Registry key.
Select a file, folder, or registry key.
Exit the Wizard.
You can view applications' rights to access the added resources. To do so, select an added resource in the left part of the window and Kaspersky Endpoint Security will show the access rights for each trust group. You can also use the check box in the Status column to disable control of application activity with resources.
In the application settings window, select Advanced Threat Protection → Host Intrusion Prevention.
Click Manage resources.
The list of protected resources opens.
Select the category of protected resources to which you want to add a new protected resource.
If you want to add a subcategory, click Add → Category.
Click the Add button. In the drop-down list, select the type of resource that you want to add: File or folder or Registry key.
In the window that opens, select a file, folder, or registry key.
You can view applications' rights to access the added resources. To do so, select an added resource in the left part of the window and Kaspersky Endpoint Security will show a list of applications and the access rights for each application. You can also disable control of application activity with resources by using the Enable control button in the Status column.
Save your changes.
Kaspersky Endpoint Security will control access to the added operating system resources and to personal data. Kaspersky Endpoint Security controls an application's access to resources based on the trust group assigned to the application. You can also change the trust group of an application.