Users with the Senior security officer role can delete one or more TAA (IOA) rules, or all rules at the same time.
When working in distributed solution mode, you can delete only those TAA (IOA) rules that were created on the current server. Consequently, in the web interface of the PCN, you can delete only the rules that were created on the PCN. In the web interface of an SCN, you can delete only the rules that were created on the SCN.
To delete a user-defined TAA (IOA) rule:
This opens the TAA (IOA) rule table.
This opens a window containing information about the rule.
This opens the action confirmation window.
The rule is deleted.
To delete all or multiple TAA (IOA) rules:
This opens the TAA (IOA) rule table.
You can select all rules by selecting the check box in the line containing the headers of columns.
A control panel appears in the lower part of the window.
This opens the action confirmation window.
The selected rules will be deleted.
You cannot delete TAA (IOA) rules defined by Kaspersky. If you do not want to use a Kaspersky TAA (IOA) rule for scanning, add it to exclusions.
Users with the Security auditor and Security officer roles cannot modify TAA (IOA) rules based on event search conditions.