Prevented file formats in KEA [Kaspersky Endpoint Agent]
In EDR Security officer can create a hash-based prevention rule for workstation. Here's the list of activities to which prevention rules apply:
Agent should control and prevent read access of the following file formats by the following apps:
App: |
winword.exe |
wordpad.exe |
excel.exe |
powerpnt.exe |
acrord32.exe |
---|---|---|---|---|---|
File formats: |
.rtf .doc .dot .docm .docx .dotx .dotm .docb |
.docx .rtf |
.xls .xlt .xlm .xlsx .xlsm .xltx .xltm .xlsb .xla .xlam .xll .xlw |
.ppt .pot .pps .pptx .pptm .potx .potm .ppam .ppsx .ppsm .sldx .sldm |
Agent should prevent script started by following interpreters:
- cmd.exe
- reg.exe
- regedit.exe
- regedt32.exe
- cscript.exe
- wscript.exe
- mmc.exe
- msiexec.exe
- mshta.exe
- rundll32.exe
- runlegacycplelevated.exe
- control.exe
- explorer.exe
- regsvr32.exe
- wwahost.exe
- powershell.exe
- perl.exe ( * )
- hh.exe ( * )
- msbuild.exe ( * )
- python.exe ( * )
- InstallUtil.exe
- RegSvcs.exe
- RegAsm.exe
- ruby.exe
- rubyw.exe
- autoit.exe
- AutoHotkey.exe
- AutoHotkeyU32.exe
- AutoHotkeyA32.exe
- AutoHotkeyU64.exe
- AutoHotkeyA64.exe
0 Comments
Recommended Comments
There are no comments to display.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now