About execution prevention

March 20, 2024

ID 221326

You can configure execution prevention rules for running executable files and scripts, as well as for opening Office-format files, on selected devices. For example, you can prevent the launch of applications whose usage is considered unsafe on a selected device protected by Kaspersky Endpoint Detection and Response Expert. The application identifies files by their paths or by their checksums, calculated with the MD5 and SHA256 hash algorithms.

An execution prevention rule is a set of criteria that the application checks when deciding whether to prevent an object from being executed. The application blocks an object only if the object meets all the criteria of the rule.

Kaspersky Endpoint Detection and Response Expert has the following modes for applying execution prevention rules:

  • Block and log the report. In this mode, the EPP application blocks the execution of objects or opening of documents that match the execution prevention rules criteria.
  • Log an event only. In this mode, the EPP application records to the Windows Event Log and to Kaspersky Security Center an event about attempts to execute objects or open documents that meet the criteria of the Execution prevention rules, but does not block the execution or opening of these objects.
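The matching logic and the two modes described above, modelled as an added example (not Kaspersky code and not part of the original article). The rule field names, the mode strings and the case-insensitive whole-path comparison are assumptions; the sample bytes and paths are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Illustrative model of one rule; field names are assumptions, not product settings."""
    name: str
    path: Optional[str] = None     # criterion: file path
    md5: Optional[str] = None      # criterion: MD5 checksum (hex)
    sha256: Optional[str] = None   # criterion: SHA256 checksum (hex)

def checksums(data: bytes) -> dict:
    """MD5 and SHA256 of the object's content, the two algorithms the page names."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def matches(rule: Rule, path: str, data: bytes) -> bool:
    """True only if the object meets every criterion that the rule sets."""
    sums = checksums(data)
    checks = []
    if rule.path is not None:
        # Assumption: whole-path, case-insensitive comparison.
        checks.append(rule.path.lower() == path.lower())
    if rule.md5 is not None:
        checks.append(rule.md5.lower() == sums["md5"])
    if rule.sha256 is not None:
        checks.append(rule.sha256.lower() == sums["sha256"])
    return bool(checks) and all(checks)

def decide(rules, path, data, mode):
    """Return (action, matched rule names) for mode 'block' or 'log_only'."""
    hits = [r.name for r in rules if matches(r, path, data)]
    if not hits:
        return "allow", hits
    return ("block_and_log" if mode == "block" else "log_only"), hits

# Constructed sample content and paths, not real files.
TOOL = b"constructed sample bytes standing in for an executable"
RULES = [
    Rule("hash-only", sha256=checksums(TOOL)["sha256"]),
    Rule("path-and-hash", path=r"C:\Tools\tool.exe", md5=checksums(TOOL)["md5"]),
]

if __name__ == "__main__":
    for p in (r"C:\Tools\tool.exe", r"C:\Users\Public\copy.exe"):
        for mode in ("block", "log_only"):
            print(p, mode, decide(RULES, p, TOOL, mode))
```

Because every criterion in a rule must match, the rule that sets both a path and a checksum applies only to that content at that path, while the checksum-only rule applies to the same content at any path.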

For information on enabling and configuring execution prevention settings and on managing execution prevention rules from the command line, refer to Kaspersky Endpoint Security for Windows Help.
