Event information

When managing the program web interface, you can view information about events within organizations to which you have access.

Event information displays local timestamps of the Kaspersky Endpoint Agent computer that detected the event. The program administrator must make sure the time on Kaspersky Endpoint Agent computers is current.

If you are using the distributed solution and multitenancy mode, the section displays data on the organization that you chose.

To enable the display of events for all organizations:

  1. Select the Threat Hunting section in the program web interface window.
  2. Turn on the Search on all companies toggle switch.

The table of events displays events for all organizations.

In this Help section

Viewing the table of events

Configuring the event table display

Viewing information about an event

Information about events in the tree of events

Recommendations for processing events

Information about the "Process started" event

Information about the "Module loaded" event

Information about the "Remote connection" event

Information about the "Prevention rule" event

Information about the "Document blocked" event

Information about the "File modified" event

Information about the "System event log" event

Information about the "Changes in the registry" event

Information about the "Port listened" event

Information about the "Driver loaded" event

Information about the "Alert" event

Information about the "Alert processing result" event

Information about the "Interpreted file run" event

Information about the "AMSI scan" event

Information about the "Interactive command input at the console" event

Page top