Deleting user-defined TAA (IOA) rules

Users with the Senior security officer role can delete one or more TAA (IOA) rules, or all rules at the same time.

When working in distributed solution mode, you can delete only those TAA (IOA) rules that were created on the current server. Consequently, in the web interface of the PCN, you can delete only the rules that were created on the PCN. In the web interface of an SCN, you can delete only the rules that were created on the SCN.

To delete a custom TAA (IOA) rule:

In the window of the program web interface, select the User rules section, TAA subsection.
This opens the TAA (IOA) rule table.
Select the rule that you want to delete.
This opens a window containing information about the rule.
Click Delete.
This opens the action confirmation window.
Click Yes.

The rule is deleted.

To delete all or multiple custom TAA (IOA) rules:

In the window of the program web interface, select the User rules section, TAA subsection.
This opens the TAA (IOA) rule table.
Select the check boxes on the left of the rules that you want to delete.
You can select all rules by selecting the check box in the row containing the headers of columns.

A control panel appears in the lower part of the window.
Click Delete.
This opens the action confirmation window.
Click Yes.

The selected rules will be deleted.

You cannot delete TAA (IOA) rules defined by Kaspersky. If you do not want to use a Kaspersky TAA (IOA) rule for scanning, add it to exclusions.

Users with the Security auditor and Security officer roles cannot modify TAA (IOA) rules based on event search conditions.