Kaspersky Anti Targeted Attack (KATA) Platform

Viewing a prevention rule

8 November 2023

ID 247688

To view a prevention rule:

  1. Select the Prevention section in the application web interface window.

    This opens the prevention rule table.

  2. Select the prevention rule that you want to view.

A prevention rule contains the following information:

  • The Events link opens the Threat Hunting section with the search condition containing your selected prevention rule.
  • State is the current state of the prevention rule.

    A prevention rule can have one of the following states:

    • Enabled
    • Disabled
  • The Details tab contains the following information:
    • MD5/SHA256 is the hash of the file prevented from running.

      Clicking the MD5/SHA256 link opens a list in which you can select one of the following actions:

      • Find on TIP.
      • Find events.
      • Find alerts.
      • Copy value to clipboard.
    • Name is the name of the prevention rule or file prevented from running.
    • Type is the type of the rule depending on the operating mode of the application and the role of the server which generated the rule:
      • Global—Created on the PCN. These prevention rules apply to hosts that are connected to this PCN server and to all SCN servers that are connected to this PCN server. Prevention rules belong to the tenant which the user is managing in the program web interface.
      • Local—Created on the SCN server. These prevention rules apply only to hosts that are connected to this SCN server. Prevention rules belong to the tenant which the user is managing in the program web interface.
    • Notification is the state of the Notify user about blocking file execution setting.
    • Prevent on is the list of hosts on which the prevention rule is applied.

      If the prevention rule is in effect on all hosts, the All hosts section is displayed.

  • The Change log tab contains a list of changes made to the prevention rule: time of the change, name of the user who changed the prevention rule, and actions taken on the prevention rule.

See also

Managing policies (prevention rules)

Viewing the prevention rule table

Configuring prevention rule table display

Creating a prevention rule

Importing prevention rules

Enabling and disabling a prevention rule

Enabling and disabling presets

Deleting prevention rules

Filtering prevention rules by name

Filtering prevention rules by type

Filtering prevention rules by file hash

Filtering prevention rules by server name

Clearing a prevention rule filter
