Prevented file formats in KEA [Kaspersky Endpoint Agent]


Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

In EDR, a security officer can create a hash-based prevention rule for a workstation. Here is the list of activities to which prevention rules apply:

The agent should control and prevent read access to the following file formats by the following apps:

Apps:

  • winword.exe
  • wordpad.exe
  • excel.exe
  • powerpnt.exe
  • acrord32.exe
  • Microsoft Edge
  • Google Chrome

File formats:

  • .rtf
  • .doc
  • .dot
  • .docm
  • .docx
  • .dotx
  • .dotm
  • .docb
  • .xls
  • .xlt
  • .xlm
  • .xlsx
  • .xlsm
  • .xltx
  • .xltm
  • .xlsb
  • .xla
  • .xlam
  • .xll
  • .xlw
  • .ppt
  • .pot
  • .pps
  • .pptx
  • .pptm
  • .potx
  • .potm
  • .ppam
  • .ppsx
  • .ppsm
  • .sldx
  • .sldm
  • .pdf

The agent should prevent scripts started by the following interpreters:

  • cmd.exe
  • reg.exe
  • regedit.exe
  • regedt32.exe
  • cscript.exe
  • wscript.exe
  • mmc.exe
  • msiexec.exe
  • mshta.exe
  • rundll32.exe
  • runlegacycplelevated.exe
  • control.exe
  • explorer.exe
  • regsvr32.exe
  • wwahost.exe
  • powershell.exe
  • perl.exe ( * )
  • hh.exe ( * )
  • msbuild.exe ( * )
  • python.exe ( * )
  • InstallUtil.exe
  • RegSvcs.exe
  • RegAsm.exe
  • ruby.exe
  • rubyw.exe
  • autoit.exe
  • AutoHotkey.exe
  • AutoHotkeyU32.exe
  • AutoHotkeyA32.exe
  • AutoHotkeyU64.exe
  • AutoHotkeyA64.exe