Kaspersky Endpoint Detection and Response Optimum

About Execution prevention

July 9, 2024

ID 220377

This functionality is not supported by Kaspersky Endpoint Security for Linux 12.1.

You can configure Execution prevention rules for executable files and scripts, as well as for opening office documents on the selected devices. For example, you can prevent launching applications considered unsafe on the selected device protected by Kaspersky Endpoint Detection and Response Optimum. The application identifies the files by their paths or checksums based on MD5 and SHA256 hash algorithms.

An Execution prevention rule is a set of criteria considered when preventing the execution of an object. The object must meet all the criteria of the Execution prevention rule in order for the application to block its execution.

Kaspersky Endpoint Detection and Response Optimum has the following modes for applying Execution prevention rules:

  • Block and log to the report.

    In this mode, the EPP application blocks the execution of objects and the opening of documents that match the criteria in Execution prevention rules.

  • Log an event only.

    In this mode, Kaspersky Endpoint Security records an event in the Event Log and Kaspersky Security Center about attempts to execute objects or open documents that meet the criteria in Execution prevention rules, but it does not block the execution or opening of these objects.
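The following is an added example, not Kaspersky code: a small Python model of the semantics described above, where every criterion set in a rule must match and the mode decides between blocking and logging only. The `Rule` class, the function names and the path normalisation are assumptions made for illustration, and the sample file is constructed.

```python
import hashlib, os, shutil, tempfile
from dataclasses import dataclass
from typing import Optional

def file_hashes(path):
    """Return (md5_hex, sha256_hex) for a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def norm(path):
    # Assumption: paths compare after OS normalisation (case-folded on Windows).
    return os.path.normcase(os.path.abspath(path))

@dataclass
class Rule:  # hypothetical model, not the product's rule format
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None

    def matches(self, target):
        md5, sha256 = file_hashes(target)
        pairs = [(self.path and norm(self.path), norm(target)),
                 (self.md5 and self.md5.lower(), md5),
                 (self.sha256 and self.sha256.lower(), sha256)]
        used = [(want, got) for want, got in pairs if want]
        # Every criterion that is set must match; an empty rule matches nothing.
        return bool(used) and all(want == got for want, got in used)

def evaluate(rules, target, mode="block"):
    """Return (action, matched rule names); mode is 'block' or 'log_only'."""
    hits = [r.name for r in rules if r.matches(target)]
    if not hits:
        return "allowed", hits
    return ("blocked" if mode == "block" else "logged_only"), hits

def demo():
    with tempfile.TemporaryDirectory() as d:
        orig, copy = os.path.join(d, "tool.bin"), os.path.join(d, "renamed.bin")
        with open(orig, "wb") as fh:
            fh.write(b"constructed sample bytes")  # constructed input
        shutil.copyfile(orig, copy)
        md5, sha256 = file_hashes(orig)
        rules = [Rule("path-only", path=orig), Rule("hash-only", sha256=sha256),
                 Rule("path+md5", path=orig, md5=md5)]
        out = {"original": evaluate(rules, orig), "copy": evaluate(rules, copy),
               "copy_log_only": evaluate(rules, copy, mode="log_only")}
        with open(orig, "wb") as fh:
            fh.write(b"different constructed bytes")
        out["changed"] = evaluate(rules, orig)
        return out
```

In the demo, the same bytes at a new path match only the checksum rule, and new bytes at the original path match only the path rule. A rule that sets both criteria matches neither case, so adding criteria narrows a rule rather than widening it.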

For information on enabling execution prevention, configuring its settings, and managing execution prevention rules from the command line, refer to the Kaspersky Endpoint Security for Windows Help, Kaspersky Endpoint Security for Mac Help, and Kaspersky Endpoint Agent Help.

You can also prevent file execution from the alert details window.

If Kaspersky Endpoint Security for Windows 11.10.0 or later or Kaspersky Endpoint Security for Mac 12.1 or later is installed on the organization's computers, this response action is not available for System Critical Objects (SCOs). SCOs include files required for the operation of the operating system and Kaspersky Endpoint Security. For details, refer to the Kaspersky Endpoint Security for Windows Help or Kaspersky Endpoint Security for Mac Help.
