- Kaspersky Anti Targeted Attack Platform Help
- Kaspersky Anti Targeted Attack Platform
- What's new
- About Kaspersky Threat Intelligence Portal
- Distribution kit
- Hardware and software requirements
- Requirements for Kaspersky Endpoint Agent for Windows
- Compatibility of Kaspersky Endpoint Agent for Windows versions with Kaspersky Anti Targeted Attack Platform versions
- Compatibility of Kaspersky Endpoint Agent for Windows versions with EPP programs
- Compatibility of Kaspersky Endpoint Agent for Windows versions with other programs
- Requirements for Kaspersky Endpoint Agent for Linux
- Compatibility of Kaspersky Endpoint Agent for Linux versions with Kaspersky Anti Targeted Attack Platform versions
- Compatibility of Kaspersky Endpoint Agent for Linux versions with EPP programs
- Compatibility of Kaspersky Endpoint Agent for Linux versions with other programs
- Compatibility of Kaspersky Endpoint Security for Windows versions with Kaspersky Anti Targeted Attack Platform versions
- Limitations of the current version of the program
- About data provision
- Data of the Central Node and Sensor components
- Sandbox component data
- Data transmitted between program components
- Data of Kaspersky Endpoint Agent for Windows
- Data received from the Central Node component
- Data in fields of Windows Event Log events of Kaspersky Endpoint Agent
- Data in Kaspersky Endpoint Agent for Windows requests to Kaspersky Anti Targeted Attack Platform
- Service data of Kaspersky Endpoint Agent for Windows
- Data contained in Kaspersky Endpoint Agent for Windows trace files and dumps
- Data sent to Kaspersky if the KSN Statement was accepted
- Data in alerts and events
- Data contained in task completion reports
- Data contained in an install log
- Data on files that are blocked from starting
- Data related to the performance of tasks
- Data of Kaspersky Endpoint Agent for Linux
- Program licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About the key
- About the key file
- Viewing information about the license and added keys
- Viewing the text of the End User License Agreement in the web interface of the Central Node
- Viewing the text of the Privacy Policy in the web interface of the Central Node
- Viewing information about the third-party code used in the program
- Viewing the text of the End User License Agreement in the web interface of the Sandbox
- Viewing the text of the End User License Agreement on a computer with Kaspersky Endpoint Agent
- Adding a key
- Replacing a key
- Removing a key
- Program modes based on the license
- Program architecture
- Operation of the program
- Distributed solution and multitenancy
- Distributed solution and multitenancy mode transition scenario
- Modifications of program settings for the distributed solution and multitenancy mode
- Assigning the PCN role to a server
- Assigning the SCN role to a server
- Processing SCN to PCN connection requests
- Viewing information about tenants, PCN and SCN servers
- Adding a tenant to the PCN server
- Deleting a tenant from the PCN server
- Renaming a tenant on the PCN server
- Disconnecting an SCN from PCN
- Modifications of program settings for disconnecting an SCN from PCN
- Decommissioning an SCN server
- Sizing Guide
- Installing and performing initial configuration of the solution
- Preparing for installing program components
- Preparing the IT infrastructure for program components installation
- Preparing the IT infrastructure for integration with a mail server used for receiving messages via POP3
- Preparing the IT infrastructure for integration with a mail server used for receiving messages via SMTP
- Preparing the virtual machine for installing the Sandbox component
- Procedure for installing and configuring program components
- Installation: Sandbox component
- Step 1. Viewing the End User License Agreement and Privacy Policy
- Step 2. Selecting a disk for installing the Sandbox component
- Step 3. Assigning the host name
- Step 4. Selecting the controlling network interface in the list
- Step 5. Assigning the address and network mask of the controlling interface
- Step 6. Adding DNS server addresses
- Step 7. Configuring a static network route
- Step 8. Configuring the minimum password length for the Sandbox administrator password
- Step 9. Creating the Sandbox administrator account
- Installing and configuring the Central Node and Sensor components on the same server
- Step 1. Viewing the End User License Agreement and Privacy Policy
- Step 2. Selecting a disk for installing the Central Node and Sensor components
- Step 3. Selecting a server role
- Step 4. Configuring the minimum password length for the administrator password
- Step 5. Creating an account for working in the administrator menu and in the server management console
- Step 6. Assigning the host name
- Step 7. Enabling a network interface for the first time
- Step 8. Assigning the address and subnet mask of the management interface
- Step 9. Configuring the default network route
- Step 10. Configuring DNS settings
- Step 11. Configuring proxy server connection settings
- Step 12. Setting the time zone
- Step 13. Configuring time synchronization with an NTP server
- Step 14. Configuring integration with the Sandbox component
- Step 15. Allocating the disk for the Targeted Attack Analyzer component's database
- Step 16. Creating an administrator account for the web interface of Kaspersky Anti Targeted Attack Platform
- Step 17. Configuring receipt of mirrored traffic from SPAN ports
- Step 18. Configuring integration with a proxy server via ICAP
- Step 19. Configuring integration with a mail server via POP3
- Step 20. Configuring integration with a mail server via SMTP
- Installing and configuring the Sensor component on a separate server
- Step 1. Viewing the End User License Agreement and Privacy Policy
- Step 2. Selecting a disk for installing the Sensor component
- Step 3. Selecting a server role
- Step 4. Configuring the minimum password length for the administrator password
- Step 5. Creating an account for working in the administrator menu and in the server management console
- Step 6. Assigning the host name
- Step 7. Enabling a network interface for the first time
- Step 8. Assigning the address and subnet mask of the management interface
- Step 9. Configuring the default network route
- Step 10. Configuring DNS settings
- Step 11. Configuring proxy server connection settings
- Step 12. Setting the time zone
- Step 13. Configuring time synchronization with an NTP server
- Step 14. Connecting to the server with the Central Node component
- Step 15. Selecting the Central Node server as the source of Sensor component database updates
- Step 16. Configuring receipt of mirrored traffic from SPAN ports
- Step 17. Configuring integration with a proxy server via ICAP
- Step 18. Configuring integration with a mail server via POP3
- Step 19. Configuring integration with a mail server via SMTP
- Preparing for installing program components
- Configuring the integration of Kaspersky Anti Targeted Attack Platform with Kaspersky Endpoint Agent
- Configuring the trusted connection of Kaspersky Anti Targeted Attack Platform with Kaspersky Endpoint Agent
- Configuring the connection with the Central Node server without validating the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.
- Configuring the connection with the Sensor server without validating the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.
- Configuring the connection with the Central Node server with validation of the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.
- Configuring the connection with the Sensor server with validation of the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.
- Downloading the TLS certificate of the Central Node server
- Generating a TLS certificate for the Central Node server in the web interface of Kaspersky Anti Targeted Attack Platform
- Uploading an independently prepared TLS certificate for the Central Node server using the web interface of Kaspersky Anti Targeted Attack Platform.
- Uploading a TLS certificate of the Central Node server or Sensor to Kaspersky Endpoint Agent
- Enabling the validation of the Kaspersky Endpoint Agent TLS certificate in the web interface of Kaspersky Anti Targeted Attack Platform
- Generating a TLS certificate of Kaspersky Endpoint Agent in the web interface of Kaspersky Anti Targeted Attack Platform and downloading a cryptographic container
- Uploading an independently prepared TLS certificate of Kaspersky Endpoint Agent using the web interface of Kaspersky Anti Targeted Attack Platform.
- Viewing the table of Kaspersky Endpoint Agent TLS certificates in the web interface of Kaspersky Anti Targeted Attack Platform
- Filtering and searching Kaspersky Endpoint Agent TLS certificates in the web interface of Kaspersky Anti Targeted Attack Platform
- Deleting Kaspersky Endpoint Agent TLS certificates in the web interface of Kaspersky Anti Targeted Attack Platform
- Configuring the validation of the Kaspersky Endpoint Agent TLS certificate by the Central Node server and uploading a cryptographic container to Kaspersky Endpoint Agent
- Configuring traffic redirection from Kaspersky Endpoint Agent to the Sensor server
- Generating a TLS certificate for the Sensor server in the administrator menu of the Sensor server
- Uploading an independently prepared TLS certificate for the Sensor server in the administrator menu of the Sensor server
- Downloading the TLS certificate of the Sensor server to your computer
- Configuring the integration and trusted connection with Kaspersky Anti Targeted Attack Platform on the Kaspersky Endpoint Agent side
- Configuring the trusted connection of Kaspersky Anti Targeted Attack Platform with Kaspersky Endpoint Agent
- Getting started with the program
- Managing accounts of program administrators and users
- Creating an administrator account for the program web interface
- Creating a user account for the program web interface
- Configuring user account table display
- Viewing the user account table
- Filtering user accounts
- Resetting the account filter
- Changing access rights of a program web interface user account
- Enabling and disabling an administrator account or user account of the program web interface
- Changing the password of a program administrator or user account
- Changing the password of your account
- Authentication using domain accounts
- Participation in Kaspersky Security Network and use of Kaspersky Private Security Network
- Managing the Sandbox component through the web interface
- Updating the Sandbox component databases
- Configuring connection between the Sandbox and Central Node components
- Configuring the Sandbox component network interfaces
- Updating the Sandbox system
- Setting the Sandbox system date and time
- Installing and configuring images of operating systems and software required for the operation of the Sandbox component
- Downloading ISO images of operating systems and software required for the operation of the Sandbox component
- Creating virtual machines with images of operating systems and software required for the operation of the Sandbox component
- Installing virtual machines with images of operating systems and software required for the operation of the Sandbox component
- Deleting all pending virtual machines
- Setting the maximum number of simultaneously running virtual machines
- Downloading the Sandbox system log to the hard drive
- Exporting Sandbox settings
- Importing Sandbox settings
- Restarting the Sandbox server
- Powering off the Sandbox server
- Changing the Sandbox administrator account password
- For an administrator: Getting started with the program web interface
- Kaspersky Anti Targeted Attack Platform Interface
- Monitoring program operation
- About widgets and layouts
- Selecting a tenant and a server to manage in the Dashboard section
- Adding a widget to the current layout
- Moving a widget in the current layout
- Removing a widget from the current layout
- Saving a layout to PDF
- Configuring the data display period in widgets
- Monitoring the receipt and processing of incoming data
- Monitoring the queues for data processing by program modules and components
- Monitoring the processing of data by the Sandbox component
- Viewing the working condition of modules and components of the program
- Managing Central Node, PCN, or SCN servers using the program web interface
- Configuring the date and time on the server
- Powering off and restarting the server
- Generating or uploading a TLS certificate of the server
- Downloading the TLS certificate of the server
- Assigning a server DNS name
- Configuring DNS settings
- Configuring settings of the network interface
- Configuring the default network route
- Configuring proxy server connection settings
- Configuring the mail server connection
- Selecting operating systems to use when scanning objects in Sandbox
- Managing the Sensor component
- Viewing the table of servers with the Sensor component
- Processing a connection request from the Sensor component
- Configuring the maximum size of a scanned file
- Configuring receipt of mirrored traffic from SPAN ports
- Configuring integration with a mail server via SMTP
- Configuring TLS encryption of connections with a mail server via SMTP
- Enabling integration with a proxy server via ICAP
- Configuring integration with a mail server via POP3
- Notifications about the maximum allowed load on the hard drive, CPU, and RAM of Central Node and Sensor servers
- Configuring the SNMP protocol connection
- Managing Kaspersky Endpoint Agent host information
- Selecting a tenant to manage in the Endpoint Agents section
- Viewing the Kaspersky Endpoint Agent host table on a standalone Central Node server
- Viewing the Kaspersky Endpoint Agent host table in distributed solution and multitenancy mode
- Viewing information about a host
- Filtering and searching hosts with Kaspersky Endpoint Agent by host name
- Filtering and searching hosts with Kaspersky Endpoint Agent that have been isolated from the network
- Filtering and searching hosts with Kaspersky Endpoint Agent by PCN and SCN server names
- Filtering and searching hosts with Kaspersky Endpoint Agent by computer IP address
- Filtering and searching hosts with Kaspersky Endpoint Agent by operating system version on the computer
- Filtering and searching hosts with Kaspersky Endpoint Agent by Kaspersky Endpoint Agent version
- Filtering and searching hosts with Kaspersky Endpoint Agent based on their activity
- Quickly creating a filter for hosts with Kaspersky Endpoint Agent
- Resetting the hosts with Kaspersky Endpoint Agent filter
- Configuring activity indicators of Kaspersky Endpoint Agent
- Supported interpreters and processes
- Configuring integration with the Sandbox component
- Configuring integration with external systems
- Configuring integration with Kaspersky Managed Detection and Response
- Configuring integration with an SIEM system
- Managing the activity log
- Database Update
- Creating a list of passwords for archives
- For a security officer: Getting started with the program web interface
- Kaspersky Anti Targeted Attack Platform Interface
- Selecting a tenant to manage in the web interface of the program
- Monitoring program operation
- About widgets and layouts
- Adding a widget to the current layout
- Moving a widget in the current layout
- Removing a widget from the current layout
- Saving a layout to PDF
- Configuring the data display period in widgets
- Configuring the widget display scale
- Basics of managing "Alerts" type widgets
- Viewing the working condition of modules and components of the program
- Table of alerts
- Configuring the alert table display
- Filtering, sorting, and searching alerts
- Filtering alerts by VIP status
- Filtering and searching alerts by time
- Filtering alerts by level of importance
- Filtering and searching alerts by categories of objects detected
- Filtering and searching alerts by obtained information
- Filtering and searching alerts by source address
- Filtering and searching alerts by destination address
- Filtering and searching alerts by server name
- Filtering and searching alerts by technology name
- Filtering and searching alerts by the status of their processing by the user
- Sorting alerts in the table
- Quickly creating an alert filter
- Clearing an alert filter
- Viewing alerts
- Viewing alert details
- General information about an alert of any type
- Information in the Object information section
- Information in the Alert information section
- Information in the Scan results section
- Information in the IDS rule section
- Information in the Network event section
- Scan results in Sandbox
- IOC scan results
- Information in the Hosts section
- Information in the Change log section
- Sending alert data
- Recommendations for processing alerts
- User actions performed on alerts
- Events database threat hunting
- Searching events in source code mode
- Searching events in design mode
- Sorting events in the table
- Changing the event search conditions
- Searching events by processing results in EPP programs
- Uploading an IOC file and searching for events based on conditions defined in the IOC file
- Creating a TAA (IOA) rule based on event search conditions
- Event information
- Viewing the table of events
- Configuring the event table display
- Viewing information about an event
- Information about events in the tree of events
- Recommendations for processing events
- Information about the "Process started" event
- Information about the "Module loaded" event
- Information about the "Remote connection" event
- Information about the "Prevention rule" event
- Information about the "Document blocked" event
- Information about the "File modified" event
- Information about the "System event log" event
- Information about the "Changes in the registry" event
- Information about the "Port listened" event
- Information about the "Driver loaded" event
- Information about the "Alert" event
- Information about the "Alert processing result" event
- Information about the "Interpreted file run" event
- Information about the "AMSI scan" event
- Information about the "Interactive command input at the console" event
- Automatically sending files from Kaspersky Endpoint Agent hosts to be scanned by the Sandbox component in accordance with Kaspersky TAA (IOA) rules
- Managing Kaspersky Endpoint Agent host information
- Viewing the Kaspersky Endpoint Agent host table on a standalone Central Node server
- Viewing the Kaspersky Endpoint Agent host table in distributed solution and multitenancy mode
- Configuring the Kaspersky Endpoint Agent host table display
- Viewing information about a host
- Filtering and searching hosts with Kaspersky Endpoint Agent by host name
- Filtering and searching hosts with Kaspersky Endpoint Agent that have been isolated from the network
- Filtering and searching hosts with Kaspersky Endpoint Agent by PCN and SCN server names
- Filtering and searching hosts with Kaspersky Endpoint Agent by computer IP address
- Filtering and searching hosts with Kaspersky Endpoint Agent by operating system version on the computer
- Filtering and searching hosts with Kaspersky Endpoint Agent by Kaspersky Endpoint Agent version
- Filtering and searching hosts with Kaspersky Endpoint Agent based on their activity
- Quickly creating a filter for hosts with Kaspersky Endpoint Agent
- Resetting the hosts with Kaspersky Endpoint Agent filter
- Configuring activity indicators of Kaspersky Endpoint Agent
- Supported interpreters and processes
- Network isolation of Endpoint Agent hosts
- Managing tasks
- Viewing the task table
- Viewing information about a task
- Creating a process termination task
- Creating a data collection task
- Creating a task to scan hosts using YARA rules
- Creating a service management task
- Creating an NTFS metafile retrieval task
- Creating a registry key retrieval task
- Creating a process memory dump retrieval task
- Creating a program execution task
- Creating a get file task
- Creating a file deletion task
- Creating a file quarantine task
- Creating a quarantined file recovery task
- Creating a copy of a task
- Deleting tasks
- Filtering tasks by creation time
- Filtering tasks by type
- Filtering tasks by name
- Filtering tasks by file name and path
- Filtering tasks by description
- Filtering tasks by server name
- Filtering tasks based on the name of the user that created the task
- Filtering tasks by processing status
- Clearing a task filter
- Managing policies (prevention rules)
- Viewing the prevention rule table
- Configuring prevention rule table display
- Viewing a prevention rule
- Creating a prevention rule
- Importing prevention rules
- Enabling and disabling a prevention rule
- Enabling and disabling presets
- Deleting prevention rules
- Filtering prevention rules by name
- Filtering prevention rules by type
- Filtering prevention rules by file hash
- Filtering prevention rules by server name
- Clearing a prevention rule filter
- Managing user-defined rules
- Using indicators of compromise (IOC) and attack (IOA) for Threat Hunting
- Managing user-defined IOC rules
- Viewing the table of IOC files
- Viewing information about an IOC file
- Uploading an IOC file
- Downloading an IOC file to a computer
- Enabling and disabling the automatic use of an IOC file when scanning hosts
- Deleting an IOC file
- Searching for alerts in IOC scan results
- Searching for events using an IOC file
- Filtering and searching IOC files
- Clearing an IOC file filter
- Configuring an IOC scan schedule
- Managing user-defined TAA (IOA) rules
- Creating a TAA (IOA) rule based on event search conditions
- Importing a TAA (IOA) rule
- Viewing the TAA (IOA) rule table
- Viewing custom TAA (IOA) rule details
- Searching for alerts and events in which TAA (IOA) rules were triggered
- Filtering and searching TAA (IOA) rules
- Resetting the TAA (IOA) rule filter
- Enabling and disabling TAA (IOA) rules
- Modifying a TAA (IOA) rule
- Deleting TAA (IOA) rules
- Managing user-defined IDS rules
- Importing a user-defined IDS rule
- Viewing the information of a user-defined IDS rule
- Enabling and disabling the use of an IDS rule when scanning events
- Configuring the importance of alerts generated by the user-defined IDS rule
- Replacing a user-defined IDS rule
- Downloading a user-defined IDS rule file to the computer
- Deleting a user-defined IDS rule
- Managing YARA rules
- Managing objects in Storage and Quarantine
- Viewing the table of objects that were placed in Storage
- Viewing information about an object manually placed in Storage using the web interface
- Viewing information about an object placed in Storage by a get file task
- Viewing information about an object placed in Storage by a get data task
- Downloading objects from Storage
- Uploading objects to Storage
- Sending objects in Storage for scanning
- Deleting objects from Storage
- Filtering objects in Storage by object type
- Filtering objects in Storage by object description
- Filtering objects in Storage based on scan results
- Filtering objects in Storage based on the name of Central Node, PCN, or SCN server
- Filtering objects in Storage by object source
- Filtering objects based on the time they were placed in Storage
- Clearing a Storage objects filter
- Viewing the table of objects quarantined on computers with Kaspersky Endpoint Agent
- Viewing information about a quarantined object
- Restoring an object from Quarantine
- Obtaining a copy of a quarantined object on a Kaspersky Anti Targeted Attack Platform server
- Removing information about the quarantined object from the table
- Filtering information about quarantined objects by object type
- Filtering information about quarantined objects by object description
- Filtering information about quarantined objects by host name
- Filtering information about quarantined objects by time
- Resetting the filter for information about quarantined objects
- Managing reports
- Creating a template
- Creating a report based on a template
- Viewing the table of templates and reports
- Viewing a report
- Downloading a report to a local computer
- Editing a template
- Filtering templates by name
- Filtering templates based on the name of the user that created the template
- Filtering templates by creation time
- Clearing a template filter
- Deleting a template
- Filtering reports by creation time
- Filtering reports by name
- Filtering reports by the name of the server with the Central Node component
- Filtering reports based on the name of the user that created the report
- Clearing a report filter
- Deleting a report
- Managing rules for assigning the VIP status to alerts
- Viewing the list of VIP status assignment rules
- Creating a VIP status assignment rule
- Deleting a VIP status assignment rule
- Modifying a VIP status assignment rule
- Importing a list of VIP status assignment rules
- Exporting a list of VIP status assignment rules
- Filtering and searching by type of VIP status assignment rule
- Filtering and searching by value of VIP status assignment rule
- Filtering and searching by description of VIP status assignment rule
- Clearing a VIP status assignment rule filter
- Managing the list of scan exclusions
- Viewing the list of scan exclusions
- Adding a scan exclusion rule
- Deleting a scan exclusion rule
- Editing a rule added to scan exclusions
- Exporting the list of data excluded from the scan
- Filtering rules in the scan exclusion list by criterion
- Searching rules in the scan exclusion list by value
- Resetting the rule filter in the scan exclusion list
- Managing IDS exclusions
- Managing TAA exclusions
- Creating a list of passwords for archives
- Viewing server settings
- Viewing the table of servers with the Sandbox component
- Viewing the table of servers with the Sensor component
- Viewing the table of external systems
- Sending notifications
- Viewing the table of rules for sending notifications
- Creating a rule for sending notifications about alerts
- Creating a rule for sending notifications about the operation of program components
- Enabling and disabling a rule for sending notifications
- Modifying a rule for sending notifications
- Deleting a rule for sending notifications
- Filtering and searching notification forwarding rules by rule type
- Filtering and searching notification forwarding rules based on the notification subject
- Filtering and searching notification forwarding rules by email address
- Filtering and searching notification forwarding rules based on their status
- Clearing a notification forwarding rule filter
- Managing Kaspersky Endpoint Agent for Windows
- Installing and uninstalling Kaspersky Endpoint Agent
- Preparing for Kaspersky Endpoint Agent installation
- Installing Kaspersky Endpoint Agent
- Installing and uninstalling Kaspersky Endpoint Agent locally
- Installing Kaspersky Endpoint Agent using Kaspersky Security Center
- Installing Kaspersky Endpoint Agent administration tools
- Updating Kaspersky Endpoint Agent from the previous version
- Repairing Kaspersky Endpoint Agent
- Changes in the system after Kaspersky Endpoint Agent installation
- Kaspersky Endpoint Agent activation
- Managing Kaspersky Endpoint Agent using Kaspersky Security Center Administration Console
- Managing Kaspersky Endpoint Agent policies
- Configuring Kaspersky Endpoint Agent settings
- Opening Kaspersky Endpoint Agent settings window
- Configuring Kaspersky Endpoint Agent security settings
- Configuring Kaspersky Endpoint Agent connection settings to a proxy server
- Configuring Kaspersky Security Center as a proxy server for Kaspersky Endpoint Agent activation
- Configuring KSN usage in Kaspersky Endpoint Agent
- Configuring integration between Kaspersky Endpoint Agent and KATA Central Node
- Configuring EDR telemetry settings
- Configuring storage settings in Kaspersky Endpoint Agent
- Configuring integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response
- Configuring failure diagnosis
- Managing Kaspersky Endpoint Agent tasks
- Creating a local task
- Creating a group task
- Viewing the table of tasks
- Deleting a task from the list
- Starting tasks manually
- Viewing task execution results
- Configuring the storage time for the task execution results on the Administration Server
- Creating Kaspersky Endpoint Agent activation task
- Managing Kaspersky Endpoint Agent database and module update tasks
- Managing IOC Scan tasks in Kaspersky Endpoint Agent
- Managing Kaspersky Endpoint Agent using Kaspersky Security Center Web Console
- Managing Kaspersky Endpoint Agent policies
- Configuring Kaspersky Endpoint Agent settings
- Opening Kaspersky Endpoint Agent settings window
- Configuring Kaspersky Endpoint Agent security settings
- Configuring Kaspersky Endpoint Agent connection settings to a proxy server
- Configuring Kaspersky Security Center as a proxy server for Kaspersky Endpoint Agent activation
- Configuring Kaspersky Endpoint Agent policy type
- Configuring KSN usage in Kaspersky Endpoint Agent
- Configuring integration between Kaspersky Endpoint Agent and KATA Central Node
- Configuring EDR telemetry settings
- Configuring storage settings in Kaspersky Endpoint Agent
- Configuring integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response
- Configuring failure diagnosis
- Managing Kaspersky Endpoint Agent tasks
- Creating tasks
- Viewing the table of tasks
- Deleting a task from the list
- Configuring task schedule settings
- Starting tasks manually
- Creating Kaspersky Endpoint Agent activation tasks
- Configuring Database and application module update task
- Managing Standard IOC Scan tasks
- Configuring the Quarantine file task
- Configuring the Delete file task
- Configuring the Run process task
- Configuring the Terminate process task
- Managing Kaspersky Endpoint Agent using the command line interface
- Managing Kaspersky Endpoint Agent activation
- Managing Kaspersky Endpoint Agent authentication
- Configuring tracing
- Configuring creation of dump files
- Viewing information about quarantine settings and quarantined objects
- Actions on quarantined objects
- Managing integration settings with KATA Central Node component
- Running Kaspersky Endpoint Agent database and module update
- Starting, stopping and viewing the current application status
- Protecting the application with password
- Protecting application services with PPL technology
- Managing self-defense settings
- Managing event filtering
- Managing network isolation
- Managing Standard IOC Scan tasks
- Managing scanning of files and processes according to YARA rules
- Managing scanning of autorun point objects according to YARA rules
- Installing and uninstalling Kaspersky Endpoint Agent
- Managing Kaspersky Endpoint Agent for Linux
- Installing and removing Kaspersky Endpoint Agent for Linux
- Preparing to install Kaspersky Endpoint Agent for Linux
- Installing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Administration Console
- Installing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console
- Local installation of Kaspersky Endpoint Agent for Linux
- Updating and restoring Kaspersky Endpoint Agent for Linux
- Removing Kaspersky Endpoint Agent for Linux
- Managing Kaspersky Endpoint Agent for Linux policies using Kaspersky Security Center Administration Console
- Managing Kaspersky Endpoint Agent for Linux using Kaspersky Security Center Web Console
- Managing Kaspersky Endpoint Agent for Linux using the command line
- Verifying the integrity of Kaspersky Endpoint Agent for Linux components
- Installing and removing Kaspersky Endpoint Agent for Linux
- Creating a backup copy and restoring the program from backup
- Creating a backup copy of Central Node server settings from the program administrator menu
- Downloading a file containing a backup copy of server settings from the Central Node or PCN server to the hard drive of the computer
- Uploading a file containing a backup copy of server settings from your computer to the Central Node server
- Restoring server settings from a backup copy using the program administrator menu
- Creating a backup copy of the program in Technical Support Mode
- Restoring the program from a backup copy in Technical Support Mode
- Upgrading Kaspersky Anti Targeted Attack Platform
- Interaction with external systems via API
- Integrating an external system with Kaspersky Anti Targeted Attack Platform
- API for scanning objects of external systems
- API for sending alert information to external systems
- API for managing Threat Response actions
- Sources of information about the program
- Contacting the Technical Support Service
- Glossary
- Advanced persistent threat (APT)
- Alternate data stream
- Anti-Malware Engine
- Backdoor program
- Central Node
- Communication channel bandwidth
- CSRF attack
- Distributed solution
- Dump
- End User License Agreement
- ICAP data
- Intrusion Detection System
- IOA
- IOC
- IOC file
- Kaspersky Anti Targeted Attack Platform
- Kaspersky Endpoint Agent
- Kaspersky Private Security Network
- Kaspersky Secure Mail Gateway
- Kaspersky Security Network (KSN)
- Kaspersky Threat Intelligence Portal
- KATA
- KEDR
- Kerberos authentication
- Keytab file
- Local reputation database of KPSN
- Malicious web addresses
- MIB (Management Information Base)
- Mirrored traffic
- MITM attack
- MITRE technique
- Multitenancy
- New generation threats
- NTP server
- OpenIOC
- Phishing URL addresses
- Sandbox
- Sensor
- Service principal name (SPN)
- SIEM system
- Signature
- SPAN
- Syslog
- TAA (IOA) rule
- Targeted attack
- Targeted Attack Analyzer
- Tenant
- TLS encryption
- Tracing
- VIP status
- YARA
- YARA rules
- Zero-day attack
- Zero-day vulnerability
- Information about third-party code
- Trademark notices
Creating a backup copy and restoring the program from backup > Creating a backup copy of Central Node server settings from the program administrator menu
Creating a backup copy of Central Node server settings from the program administrator menu
Creating a backup copy of Central Node server settings from the program administrator menu
To create a backup copy of the Central Node (PCN or SCN in
distributed solution and
Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).
multitenancy
mode), do the following in the administrator menu of the server:
Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.
- In the list of sections of the program administrator menu, select the System administration section.
- Press ENTER.
This opens the action selection window.
- In the list of actions, select Backup/Restore settings.
- Press ENTER.
This opens the Backup/Restore settings window.
- In the list of actions, select New.
- Press ENTER.
This opens the Backup settings window.
- Click Back up.
A backup copy of server settings is created.
Article ID: 162400, Last review: Oct 12, 2022