Enabling and disabling the automatic use of an IOC file when scanning hosts

You can enable or disable the automatic use of an IOC file for searching for indicators of compromise on Kaspersky Endpoint Agent hosts.

To enable or disable the automatic use of an IOC file for searching for indicators of compromise on Kaspersky Endpoint Agent hosts:

  1. In the window of the program web interface, select the User rules section, IOC subsection.

    This opens the table of IOC files.

  2. In the line containing the IOC file whose use you want to enable or disable, in the State column, set the toggle switch to one of the following positions:
    • Enabled
    • Disabled

Automatic use of an IOC file for searching for indicators of compromise on Kaspersky Endpoint Agent hosts is enabled or disabled.

Users with the Security auditor and Security officer roles cannot enable or disable automatic application of a IOC file when scanning events.

See also

Managing user-defined IOC rules

Viewing the table of IOC files

Viewing information about an IOC file

Uploading an IOC file

Downloading an IOC file to a computer

Deleting an IOC file

Searching for alerts in IOC scan results

Searching for alerts using an IOC file

Filtering and searching IOC files

Clearing an IOC file filter

Configuring an IOC scan schedule

Page top