Scenario: Configuring and using Endpoint Detection and Response

To use Endpoint Detection and Response in automatic mode, you must first configure it.

The scenario proceeds in stages:

  1. Configure IoC scans for potential threats

    By using IoC scans, you can configure a regular search for Indicators of Compromise (IoCs) on devices and automatic response measures to be taken if IoCs are found.

  2. Configure execution prevention

    You can define settings according to which Kaspersky Endpoint Security for Windows prevents the execution of certain objects (executable files and scripts) or the opening of Microsoft Office documents on your users' devices.

  3. View and analyze information about alerts that have occurred

  4. Take manual response measures

    While analyzing details of an alert, you may want to take additional measures or fine-tune the Endpoint Detection and Response feature:

    • Take manual response measures (for example, move the detected file to Quarantine or isolate the device on which the alert occurred).
    • Add the found IoCs to the settings of regular IoC scans, to check other devices for the same threat.
    • Add the detected object to the list of execution prevention rules, to prevent it from being executed in the future on the same and other devices.