Support

Support for business applications

Kaspersky Sandbox

Managing Kaspersky Endpoint Agent for Windows

Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox

Configuring the running of IOC scanning tasks

Kaspersky Sandbox
Нет результатов
Knowledge Base Online Help
FAQ System requirements Download Forum Contact support Recovery tools Product videos

Configuring the running of IOC scanning tasks

August 12, 2022

ID 190956

To configure the running of IOC scanning tasks:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, select the Policies folder.
  3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
    • Double-click the policy name.
    • Select Properties in the policy context menu.
    • Select the Configure policy settings item in the right part of the window.
  4. In the right part of the screen, under Scanning scope, select one of the following scopes where Kaspersky Endpoint Agent will search for IOCs:
    • File areas on system drives of the device.
    • Critical file areas on the device.
  5. Under Configure IOC scanning, select one of the following options for running IOC scanning tasks:
    • Manually.

      IOC scanning tasks are created automatically but are not run. You can run each task or all tasks manually.

    • Immediately after threat detection by Kaspersky Sandbox.

      IOC scanning tasks are automatically created and run.

    • Start within the specified period.

      IOC scanning tasks are created automatically and run during the specified period. For example, during out-of-office hours from 8 p.m. to 7 a.m..

      If you select the Start within the specified period option, specify the start and end of the period in the Period start time (hh:mm) and Period end time (hh:mm) fields.

      All IOC scanning tasks automatically created before the specified start time of the period are run at an arbitrary time during the specified period.

      All IOC scanning tasks automatically created during the specified period are run immediately.

      All IOC scanning tasks automatically created after the specified start time of the period are run the following day.

    Example:

    You configured to run the tasks during the specified period from 8:00 p.m. to 7:00 a.m.:

    Tasks automatically created at 19:00 are launched at an arbitrary time from 8:00 p.m. to 7:00 a.m.

    Tasks automatically created at 9:00 p.m. are run at 9:00 p.m.

    Tasks automatically created at 10:00 p.m. are run on the following day from 8:00 p.m. to 7:00 a.m.
  6. Click OK.
  7. If you are configuring policy settings, in the upper right corner of the group of settings, move the switch from Underined to Enforce.
  8. Click OK.
  9. In the policy properties window, click Save.

Running of IOC scanning task is configured.

See also

Enabling and disabling Threat Response actions for threats detected by Kaspersky Sandbox

Adding Threat Response actions to the action list of the current policy

Authentication for Threat Response group tasks at the Administration Server

Enabling detection of legitimate applications that can be used by cybercriminals

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.