About Autonomous IOC Scan tasks

Autonomous IOC Scan tasks are created automatically on the Kaspersky Security Center server if the Run IOC scanning on a managed group of hosts action is configured as a threat response in Kaspersky Endpoint Agent policies.

Manual creation of Autonomous IOC Scan tasks is not available.

You can view the list of tasks, remove unused tasks from the list, view task execution results, run the tasks manually, configure the storage period for task results, and configure IOC Scan task run settings.

Automatically created tasks are stored on the Kaspersky Security Center server. It is recommended that the Kaspersky Endpoint Agent administrator keep the number of tasks in the list at no more than 1000 and periodically remove tasks from the list manually.

By default, Autonomous IOC Scan tasks are stored on the Kaspersky Security Center server for seven days after the last start.

Kaspersky Endpoint Agent deletes Autonomous IOC Scan tasks if the application has been running without interruption for at least seven days on at least one device and one of the following conditions is met:

Kaspersky Endpoint Agent deletes an Autonomous IOC Scan task regardless of the device where the object was first detected and the action that was performed as a response to threats. The deleted task becomes unavailable for all devices in the administration group.

Deletion of unused Autonomous IOC Scan tasks occurs automatically. The application does not provide the capability to configure settings for automatic deletion of Autonomous IOC Scan tasks.

If deletion of the Autonomous IOC Scan tasks was not performed correctly or you want to change the behavior of the application, contact Kaspersky Technical Support.

By default, the Autonomous IOC Scan task is configured to store all types of events that occur during execution of the group tasks. By default, execution results of the Autonomous IOC Scan tasks are stored for seven days. You can change the storage period for the task execution results.

It is not recommended to change the default storage settings for task execution results or to shorten the storage period for Autonomous IOC Scan task execution results.

See also

Configuring user permissions to manage IOC Scan tasks

Configuring Autonomous IOC Scan task

IOC collection export

Viewing IOC Scan task execution results
