Importing prevention rules
You can import a file with MD5 and SHA256 hashes for files that you want to prevent from running. For each hash, Kaspersky Anti Targeted Attack Platform creates a separate prevention rule.
The maximum size of the imported file is 10 MB. Only one hash per line is allowed.
To import prevention rules:
- Select the Prevention section in the application web interface window.
This opens the prevention rule table
- Click Add.
- Select Import rules.
This opens the prevention rule import window.
- Configure the following settings:
- State is the state of the prevention rule:
- If you want to enable all imported prevention rules, set the toggle switch to On.
- If you want to disable all imported prevention rules, set the toggle switch to Off.
- If you want the application to display a notification about prevention rules triggering to the user of the computer on which the prevention is applied, select the Notify user about blocking file execution check box.
The Prevent on field cannot be edited. By default, prevention rules created on a PCN server are applied on all hosts connected to that PCN server and all SCN servers connected to that PCN server (if you are using the distributed solution and multitenancy mode).
- State is the state of the prevention rule:
- Click Browse to upload the file containing hashes of files for which you want to create prevention rules.
This opens the file selection window.
- Select the file that you want to upload and click Open.
This closes the file selection window.
- Click Add.
The rules are imported.
Users with the Security auditor role cannot import file launch prevention rules.
Users with the Security officer role cannot access prevention rules.
Page top