You can get lists of files, processes, and autorun points from selected Kaspersky Endpoint Agent for Windows hosts. To do so, you must create a data collection task.
To create a data collection task:
This opens the task table.
This opens the task creation window.
The autorun points list includes information about programs added to the startup folder or registered in the Run keys of the registry, as well as programs that are automatically run at startup of a Kaspersky Endpoint Agent host and when a user logs in to the operating system on the specified hosts.
You can use the following prefixes:
When using user-defined environment variables, the list of files includes information about files in folders of all users who have set the specified environment variables. If user-defined environment variables override system environment variables, the list of files includes information about files in folders based on the values of system environment variables.
The data collection task can only be assigned to hosts with the Kaspersky Endpoint Agent for Windows program version 3.10 or later. Getting a list of autorun points is only supported on hosts with Kaspersky Endpoint Agent for Windows 3.12 and higher.
If necessary, you can specify the following search criteria for files in folders:
If the requested file is linked to other NTFS data streams, running the task yields all files of NTFS data streams that the requested file is linked to.
The check box is selected by default.
The data collection task is created. The task runs automatically after it is created.
Upon completion of the task, the program places the ZIP-archive which contains file with the selected data into the Storage. If the task completed successfully, you can download the archive to your local computer.
Users with the Security auditor role cannot create data collection tasks.
Users with the Security officer role do not have access to tasks.