Adding Threat Response actions to the action list of the current policy
To add Threat Response actions to the list of actions of the current policy:
Open Kaspersky Security Center Administration Console.
In the console tree, open the Policies folder.
Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
Double-click the policy name.
Select Properties in the policy context menu.
Select the Configure policy settings item in the right part of the window.
In the Kaspersky Sandbox integration section select the Threat Response subsection.
In the Actions group of settings, select the Take response actions on threats, detected by Kaspersky Sandbox check box, if it is not selected.
Click Add and in the drop-down list, select one of the following actions:
Quarantine and delete. Local action. Performed on the device, where a threat is detected.
Notify device user. Local action. Performed on the device, where a threat is detected.
Push Endpoint Protection Platform (EPP) scanning on critical areas. Local action. Performed on the device, where a threat is detected.
Run IOC scanning on a managed group of hosts. Group action. Performed on all the device of the administration group.
Quarantine and delete when IOC is detected. Group action. Performed on all the device of the administration group.
Push Endpoint Protection Platform (EPP) scanning on critical areas when IOC is detected. Group action. Performed on all the device of the administration group.
The action is added to the Current actions list.
When configuring threat response actions, keep in mind that as a result of some actions, the object containing the threat may be deleted from the workstation where it was detected.
To remove an action, select it in the table and click Remove.
In the upper right corner of the settings group, change the switch from Policy not enforced to Under policy.