By using IoC scans, you can configure a regular search for Indicators of Compromise (IoCs) on devices and automatic response measures to be taken if IoCs are found.
You can define the settings of three IoC scans:
If you learn from an external source (for example, on the internet) that a certain threat is characterized by a set of IoCs, you can add these IoCs to this scan to check your users' devices.
The scan scope is all of your users' devices running Windows. It cannot be modified. All new devices that are added in the future will be automatically included in the scan scope.
If Kaspersky Endpoint Security Cloud detects a threat on one of your users' devices, you can add IoCs of that threat to this scan, to check other devices.
The scan scope is all of your users' devices running Windows. It cannot be modified. All new devices that are added in the future will be automatically included in the scan scope.
You can add any threat to this scan, to check your users' devices.
The scan scope is a custom selection of your users' devices running Windows. All new devices that are added in the future will be automatically included in the scan scope.
Later, when analyzing alerts about Endpoint Protection Platform (EPP) detections on your users' devices, you may want to add the found IoCs to the settings of Reactive scan, to check other devices for the same threat.
To configure IoC scans:
IoC scans are configured.