Creating a task for getting a list of files or processes
You can get a list of files stored in the selected folder and a list of processes running on the host. To do so, you must create a task for getting a list of files, processes.
To create a task for getting a list of files, processes:
Select the Tasks section in the program web interface window.
This opens the task table.
Click Add and select Get forensics.
This opens the task creation window.
Configure the following settings:
In the Information type group of settings, select the following check boxes:
Processes list if you want to get a list of processes running on the host at the time of the task execution.
Files list if you want to get a list of files stored in the selected folder or in all host folders at the time of the task execution.
You can select both check boxes simultaneously.
If you have selected the Files list check box, in the Source type group of settings, select one of the following options:
All local disks if you want the list of files to include files stored in all folders on local disks at the time of the task execution.
Directory if you want the file list to include files stored in the specified folder and its subfolders at the time when the task is run.
If you selected Directory, in the Start directory field, specify the path to the folder from which the file search should start.
You can use the following prefixes:
System environment variables.
User-defined environment variables.
When using user-defined environment variables, the list of files includes information about files in folders of all users who have set the specified environment variables. If user-defined environment variables override system environment variables, the list of files includes information about files in folders based on the values of system environment variables.
In the Hosts field, specify the IP address or host name to which you want to assign the task.
The task of getting a list of files and / or processes can only be assigned to hosts with the Kaspersky Endpoint Agent for Windows program version 3.10. Hosts with earlier versions of the Kaspersky Endpoint Agent for Windows program, as well as hosts with the Kaspersky Endpoint Agent for Linux program cannot be selected when assigning a task.
If necessary, you can specify the following search criteria for files in folders:
In the File mask field, enter the mask of files to be included in the list of files.
Select the Alternate data streams check box if you want the information about alternate data streams to be included in the file list.
If the requested file is linked to other NTFS data streams, running the task yields all files of NTFS data streams that the requested file is linked to.
The check box is selected by default.
In the Maximum nesting level field, enter the maximum nesting level of folders in which the program will search for files.
In the Exclusions field, enter the path to the folders in which you want to prohibit the search for information about files.
In the Description field, enter the task description.
Users with the Security auditor role cannot create tasks for getting the list of files and processes.
Users with the Security officer role do not have access to tasks.