Kaspersky Endpoint Security Cloud
- Kaspersky Endpoint Security Cloud help
- What's new
- About Kaspersky Endpoint Security Cloud
- Key features of Kaspersky Endpoint Security Cloud
- Comparison of Kaspersky Endpoint Security Cloud editions
- Comparison of Kaspersky Endpoint Security Cloud features for different Windows operating system types
- About per-user licensing
- About licenses purchased before April 2019
- Hardware and software requirements
- Network ports used by Kaspersky Endpoint Security Cloud
- Quick Start Guide
- Getting started with Kaspersky Endpoint Security Cloud
- Kaspersky Endpoint Security Cloud Management Console
- Initial setup of Kaspersky Endpoint Security Cloud
- Interface of Kaspersky Endpoint Security Cloud Management Console
- Deployment of security applications
- Upgrading Kaspersky Endpoint Security Cloud
- Managing user accounts
- Managing devices
- Viewing the list of devices
- About device statuses
- Viewing the properties of a device
- Connecting Windows devices and Mac devices
- Renaming devices
- Assigning the owner of a Windows device or a Mac device
- Scenario: Creating, renewing, and uploading an APNs certificate
- Connecting mobile devices
- Sending commands to users' devices
- Deleting devices from the list of devices
- Starting and stopping anti-malware database updates and malware scans
- Updating the security application on devices running Windows and macOS
- Enabling and disabling updates of the security application on devices running Windows
- Managing security profiles
- Endpoint Detection and Response
- About Endpoint Detection and Response
- About Indicators of Compromise
- Starting the use of Endpoint Detection and Response
- Scenario: Configuring and using Endpoint Detection and Response
- Configuring IoC scans for potential threats
- Configuring execution prevention
- Viewing information about Endpoint Detection and Response alerts
- Taking manual response measures
- Canceling network isolation of a Windows device
- Exporting information about Endpoint Detection and Response alerts
- Disabling Endpoint Detection and Response
- Root-Cause Analysis
- Adaptive Anomaly Control
- Data Discovery
- About Data Discovery
- Categories of information detected by Data Discovery
- Starting the use of Data Discovery
- Connecting an Office 365 organization to your workspace
- Viewing information about Data Discovery detections
- Example of analyzing a Data Discovery detection
- Exporting information about Data Discovery detections
- Disabling Data Discovery
- Cloud Discovery
- About Cloud Discovery
- Starting the use of Cloud Discovery
- Enabling and disabling Cloud Discovery in security profiles
- Viewing information about the use of cloud services
- Risk level of a cloud service
- Blocking access to unwanted cloud services
- Enabling and disabling the monitoring of internet connections on Windows devices
- Vulnerability Assessment and Patch Management
- Encryption Management
- Performing typical tasks
- Closing a Management Console session
- Viewing widgets
- Configuring protection
- Configuring protection components on Windows devices
- Selecting the types of detectable objects on Windows devices
- Configuring the File Threat Protection component on Windows devices
- Configuring the scanning of removable drives when they are connected to a computer
- Configuring the Mail Threat Protection component on Windows devices
- Configuring the Web Threat Protection component on Windows devices
- Configuring the Behavior Detection, Exploit Prevention, and Remediation Engine components on Windows devices
- Enabling and disabling AMSI Protection
- Configuring the BadUSB Attack Prevention component
- Configuring the Network Threat Protection component on Windows devices
- Configuring network ports exclusions
- Enabling and disabling Advanced Disinfection
- Configuring protection components on Mac devices
- Trusted zone
- Configuring anti-malware protection on Android devices
- Configuring protection components on Windows devices
- Configuring the Host Intrusion Prevention component on Windows devices
- Defining proxy server settings
- Managing the startup of applications on users' devices
- Compliance control of Android devices with corporate security requirements
- Configuring user access to device features
- Controlling network and storage devices on Windows devices
- Generating a list of trusted network and storage devices on Windows devices
- Configuring interaction of Kaspersky Endpoint Security for Windows with end users
- Configuring interaction of Kaspersky Endpoint Security for Mac with end users
- Controlling user access to the features of Android devices
- Controlling user access to the features of iOS and iPadOS devices
- Device hack detection (root access)
- Configuring password protection of Windows devices
- Configuring the unlock password for mobile devices
- Configuring Firewall on Windows devices
- Configuring user access to websites
- Configuring a proxy server
- Configuring an internet connection
- Configuring email on iOS and iPadOS devices
- Configuring CalDAV Calendar on iOS and iPadOS devices
- Protecting Kaspersky Endpoint Security for Android against removal
- Configuring notifications from Kaspersky Endpoint Security for Android
- Enabling and disabling performance features of Kaspersky Endpoint Security for Windows
- Configuring performance features of Kaspersky Endpoint Security for Mac
- Enabling and disabling the transmission of dump files and trace files to Kaspersky for analysis
- Viewing license details and entering an activation code
- Reports on device protection
- List of reports on device protection
- Protection status report
- Threats report
- Status of anti-malware database updates report
- Network attacks report
- Vulnerabilities report
- Cloud Discovery reports
- Adaptive Anomaly Control reports
- Detections by Device Control component report
- Detections by Web Control component report
- Encryption status of devices report
- Kaspersky applications versions report
- Working with reports
- Configuring regular delivery of reports by email
- List of reports on device protection
- Viewing the event log and configuring event notifications
- Adjusting the general settings of Kaspersky Endpoint Security Cloud
- Managing objects in Quarantine
- Kaspersky Security Network
- Kaspersky Business Hub
- About Kaspersky Business Hub
- Managing the list of companies on Kaspersky Business Hub
- Viewing the list of companies on Kaspersky Business Hub
- Viewing aggregated protection statistics
- Adding a new company to Kaspersky Business Hub
- Adding another workspace for a company registered on Kaspersky Business Hub
- Editing company information
- Deleting the workspace of a company
- Canceling deletion of a company workspace
- Viewing news and sending feedback
- Managing the list of licenses on Kaspersky Business Hub
- Taking cybersecurity training
- Selecting the data centers used to store Kaspersky Endpoint Security Cloud information
- Resetting your password
- Editing the settings of an account in Kaspersky Business Hub
- Quick Start Guide for Managed Service Providers (MSPs)
- Kaspersky Endpoint Security Cloud licensing
- Contact Technical Support
- Sources of information about the application
- Glossary
- Account on Kaspersky Business Hub
- Administration Server
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Background scan
- Certificate Signing Request
- Compliance control
- Device owner
- File Threat Protection
- Host Intrusion Prevention (Application Privilege Control)
- Kaspersky Business Hub
- Kaspersky Endpoint Security Cloud Management Console
- Kaspersky Security Network (KSN)
- Mail Threat Protection
- Malicious web addresses
- Malware
- Managed device
- Network Agent
- Network Threat Protection
- Patch
- Phishing
- Proxy server
- Quarantine
- Security application
- Security profile
- Supervised device
- Trusted device
- Trusted Platform Module (TPM)
- Trusted zone
- Update importance level
- User alias
- Vulnerability
- Vulnerability severity level
- Web Threat Protection
- Windows device name
- Workspace
- Information about third-party code
- Trademark notices
Root-Cause Analysis
This section contains information about Root-Cause Analysis.
The Root-Cause Analysis feature allows you to detect and root out advanced attacks, perform root-cause analysis with a visualized threat development chain graph, and drill down to details for further review.
This feature is available only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Plus license.
If you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license, you have access to the full-fledged Endpoint Detection and Response.
To use this feature, you need Kaspersky Endpoint Security 11.8 for Windows or later.
In this section Starting the use of Root-Cause Analysis Viewing information about Root-Cause Analysis detections |