You can use YARA rules as YARA module databases to scan files and objects received at the Central Node and to scan hosts that have Kaspersky Endpoint Agent for Windows installed.
Depending on the program operating mode and the server on which the YARA rules are created, the rules can have one of the following types:
Global—Created on the PCN server. These rules are used to scan files and objects received at the PCN server and all SCN servers connected to that PCN server. Scanned files and objects belong to the company which the user is managing in the program web interface (in the distributed solution and multitenancy mode).
Local—Created on the SCN server. These rules are used to scan files and objects received at the SCN server. Scanned files and objects belong to the company which the user is managing in the program web interface (in the distributed solution and multitenancy mode).
When managing the program web interface, users with the Senior security officer role can import a YARA rule file into Kaspersky Anti Targeted Attack Platform using the program web interface.
Users with the Security auditor and Security officer roles can only view YARA rules.