About Execution prevention

You can configure execution prevention rules for executable files and scripts, as well as for opening office-format files on the selected devices. For example, you can prevent launching the applications whose usage is considered unsafe on the selected device protected by Kaspersky Industrial CyberSecurity Endpoint Detection and Response. The application identifies the files by their paths or checksums using MD5 and SHA256 hash algorithms.

Execution prevention rule is a set of criteria that are considered when preventing an object from execution. The object must meet all the criteria of the Execution prevention rule in order for the application to block it from execution.

Kaspersky Industrial CyberSecurity Endpoint Detection and Response has the following modes for applying execution prevention rules:

• Block and log to the report. In this mode, EPP application blocks execution of objects or opening of documents that match execution prevention rules criteria.
• Log an event only. In this mode, EPP application records to the Windows Event Log and to Kaspersky Security Center an event about attempts to execute objects or open documents that meet the criteria of the Execution prevention rules, but does not block execution or opening these objects.

For information on enabling execution prevention, configuring its settings and managing execution prevention rules from the command line, refer to Kaspersky Endpoint Agent Help.

You can also prevent the file execution from the alert details window.