Kaspersky Endpoint Security Cloud
- Kaspersky Endpoint Security Cloud help
- What's new
- About Kaspersky Endpoint Security Cloud
- Key features of Kaspersky Endpoint Security Cloud
- About per-user licensing
- Comparison of Kaspersky Endpoint Security Cloud editions
- Comparison of Kaspersky Endpoint Security Cloud features for different Windows operating system types
- Hardware and software requirements
- Network ports used by Kaspersky Endpoint Security Cloud
- About licenses purchased before April 2019
- Quick Start Guide
- Getting started with Kaspersky Endpoint Security Cloud
- Kaspersky Endpoint Security Cloud Management Console
- Initial setup of Kaspersky Endpoint Security Cloud
- Interface of Kaspersky Endpoint Security Cloud Management Console
- Deployment of security applications
- Upgrading Kaspersky Endpoint Security Cloud
- Managing user accounts
- Managing devices
- Viewing the list of devices
- About device statuses
- Viewing the properties of a device
- Connecting Windows devices and Mac devices
- Renaming devices
- Assigning the owner of a Windows device or a Mac device
- Scenario: Creating, renewing, and uploading an APNs certificate
- Connecting mobile devices
- Sending commands to users' devices
- Deleting devices from the list of devices
- Starting and stopping anti-malware database updates and malware scans
- Updating the security application on devices running Windows and macOS
- Enabling and disabling updates of the security application on devices running Windows
- Managing security profiles
- Endpoint Detection and Response
- About Endpoint Detection and Response
- About Indicators of Compromise
- Starting the use of Endpoint Detection and Response
- Scenario: Configuring and using Endpoint Detection and Response
- Configuring IoC scans for potential threats
- Configuring execution prevention
- Viewing information about Endpoint Detection and Response alerts
- Taking manual response measures
- Canceling network isolation of a Windows device
- Exporting information about Endpoint Detection and Response alerts
- Disabling Endpoint Detection and Response
- Root-Cause Analysis
- Adaptive Anomaly Control
- Data Discovery
- About Data Discovery
- Categories of information detected by Data Discovery
- Starting the use of Data Discovery
- Connecting an Office 365 organization to your workspace
- Viewing information about Data Discovery detections
- Example of analyzing a Data Discovery detection
- Exporting information about Data Discovery detections
- Disabling Data Discovery
- Cloud Discovery
- About Cloud Discovery
- Starting the use of Cloud Discovery
- Enabling and disabling Cloud Discovery in security profiles
- Viewing information about the use of cloud services
- Risk level of a cloud service
- Blocking access to unwanted cloud services
- Enabling and disabling the monitoring of internet connections on Windows devices
- Vulnerability Assessment and Patch Management
- Encryption Management
- Performing typical tasks
- Closing a Management Console session
- Viewing widgets
- Configuring protection
- Configuring protection components on Windows devices
- Selecting the types of detectable objects on Windows devices
- Configuring the File Threat Protection component on Windows devices
- Configuring the scanning of removable drives when they are connected to a computer
- Configuring the Mail Threat Protection component on Windows devices
- Configuring the Web Threat Protection component on Windows devices
- Configuring the Behavior Detection, Exploit Prevention, and Remediation Engine components on Windows devices
- Enabling and disabling AMSI Protection
- Configuring the BadUSB Attack Prevention component
- Configuring the Network Threat Protection component on Windows devices
- Configuring network ports exclusions
- Enabling and disabling Advanced Disinfection
- Configuring protection components on Mac devices
- Trusted zone
- Configuring anti-malware protection on Android devices
- Configuring protection components on Windows devices
- Configuring the Host Intrusion Prevention component on Windows devices
- Defining proxy server settings
- Managing the startup of applications on users' devices
- Compliance control of Android devices with corporate security requirements
- Configuring user access to device features
- Controlling network and storage devices on Windows devices
- Generating a list of trusted network and storage devices on Windows devices
- Configuring interaction of Kaspersky Endpoint Security for Windows with end users
- Configuring interaction of Kaspersky Endpoint Security for Mac with end users
- Controlling user access to the features of Android devices
- Controlling user access to the features of iOS and iPadOS devices
- Device hack detection (root access)
- Configuring password protection of Windows devices
- Configuring the unlock password for mobile devices
- Configuring Firewall on Windows devices
- Configuring user access to websites
- Configuring a proxy server
- Configuring an internet connection
- Configuring email on iOS and iPadOS devices
- Configuring CalDAV Calendar on iOS and iPadOS devices
- Protecting Kaspersky Endpoint Security for Android against removal
- Configuring notifications from Kaspersky Endpoint Security for Android
- Enabling and disabling performance features of Kaspersky Endpoint Security for Windows
- Configuring performance features of Kaspersky Endpoint Security for Mac
- Enabling and disabling the transmission of dump files and trace files to Kaspersky for analysis
- Viewing license details and entering an activation code
- Leaving feedback
- Reports on device protection
- List of reports on device protection
- Protection status report
- Threats report
- Status of anti-malware database updates report
- Network attacks report
- Vulnerabilities report
- Cloud Discovery reports
- Adaptive Anomaly Control reports
- Detections by Device Control component report
- Detections by Web Control component report
- Encryption status of devices report
- Kaspersky applications versions report
- Working with reports
- Configuring regular delivery of reports by email
- List of reports on device protection
- Viewing the event log and configuring event notifications
- Adjusting the general settings of Kaspersky Endpoint Security Cloud
- Managing objects in Quarantine
- Kaspersky Security Network
- Kaspersky Business Hub
- About Kaspersky Business Hub
- Managing the list of companies on Kaspersky Business Hub
- Viewing the list of companies on Kaspersky Business Hub
- Viewing aggregated protection statistics
- Adding a new company to Kaspersky Business Hub
- Adding another workspace for a company registered on Kaspersky Business Hub
- Editing company information
- Deleting the workspace of a company
- Canceling deletion of a company workspace
- Viewing news and sending feedback
- Managing the list of licenses on Kaspersky Business Hub
- Taking cybersecurity training
- Selecting the data centers used to store Kaspersky Endpoint Security Cloud information
- Resetting your password
- Editing the settings of an account in Kaspersky Business Hub
- Quick Start Guide for Managed Service Providers (MSPs)
- Kaspersky Endpoint Security Cloud licensing
- Contact Technical Support
- Sources of information about the application
- Glossary
- Account on Kaspersky Business Hub
- Administration Server
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Background scan
- Certificate Signing Request
- Compliance control
- Device owner
- File Threat Protection
- Host Intrusion Prevention (Application Privilege Control)
- Kaspersky Business Hub
- Kaspersky Endpoint Security Cloud Management Console
- Kaspersky Security Network (KSN)
- Mail Threat Protection
- Malicious web addresses
- Malware
- Managed device
- Network Agent
- Network Threat Protection
- Patch
- Phishing
- Proxy server
- Quarantine
- Security application
- Security profile
- Supervised device
- Trusted device
- Trusted Platform Module (TPM)
- Trusted zone
- Update importance level
- User alias
- Vulnerability
- Vulnerability severity level
- Web Threat Protection
- Windows device name
- Workspace
- Information about third-party code
- Trademark notices
Kaspersky Endpoint Security Cloud Management Console > Reports on device protection > List of reports on device protection > Adaptive Anomaly Control reports
Adaptive Anomaly Control reports
Adaptive Anomaly Control reports
Kaspersky Endpoint Security Cloud provides you with two reports related to the Adaptive Anomaly Control feature: Adaptive Anomaly Control rules state and Adaptive Anomaly Control detections.
Adaptive Anomaly Control rules state report
This report displays states of Adaptive Anomaly Control rules. The report is displayed on the Reports tab only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license.
In the summary part, the report shows the distribution of Adaptive Anomaly Control rules by their state.
A table with detailed information includes the following columns:
- Device name
Device on which a rule has a certain state. If a rule is in the "Smart" mode, its state on different devices may vary: on some devices, the training may be finished; while on others, it may still be in progress.
- Rule name
Name of the Adaptive Anomaly Control rule.
- Rule state
State of the Adaptive Anomaly Control rule.
- Training progress, % (for rules in "Smart training" state)
The value depends on the rule state:
- For rules in the "Off," "Notify," or "Block" state, the value is always 0.
- For rules in the "Smart training" state, the value is as follows:
100%*(period from the latest unprocessed detection to now):(rule training duration)
- For rules in the "Smart block" state, the value is always 100, because the training for them has already finished.
- Number of detections (for rules in "Smart training" state)
The value depends on the rule state:
- For rules that are or have ever been in the "Smart training" state, the value is the number of actual detections that you have not yet processed.
- For other rules, the value is always 0.
Adaptive Anomaly Control detections report
This report displays detections of Adaptive Anomaly Control. The report is displayed on the Reports tab only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license. This report includes the following columns:
- Device name
Device on which the detection occurred.
- User name
Owner of the device on which the detection occurred.
- Rule name
Name of the Adaptive Anomaly Control rule that made the detection.
- Action
Mode of the Adaptive Anomaly Control rule: Notify, Block, or Smart.
- Source process and Source object
The object that performed the detected actions (for example, a file that the user opened).
- Target process and Target object
The object on which the detected actions were performed (for example, a browser that uses a library that is loaded into the computer memory as a result of opening the file).
Article ID: 231532, Last review: Feb 19, 2025