The Scan results section can display the following results of alert scanning:
Displayed for streaming scans.
Click Create prevention rule to prevent the file from running.
The Find on TIP button lets you find the file on the Kaspersky Threat Intelligence Portal.
Displayed when scanning Kaspersky Endpoint Agent hosts.
Clicking the link with the file path opens a list in which you can select one of the following actions:
You can click Create task to create the following tasks:
Click Create prevention rule to prevent the file from running.
The Find on TIP button lets you find the file on the Kaspersky Threat Intelligence Portal.
You can click View in quarantine to display quarantined object details.
You can click Sandbox detect to open a window with detailed information about the results of file behavior analysis.
The Find on TIP button lets you find the file on the Kaspersky Threat Intelligence Portal.
Click Create prevention rule to prevent the file from running.
You can download a detailed log of file behavior analysis in all operating systems by clicking Download debug info.
The file is downloaded as a ZIP archive encrypted with the password "infected". Inside the archive, the name of the scanned file is replaced by the file's MD5 hash, and the file extension is not displayed.
By default, the maximum hard drive space for storing file behavior scan logs is 300 GB in all operating systems. Upon reaching this limit, the program deletes the oldest file behavior scan logs and replaces them with new logs.
Click the link to display the category of the object in the Kaspersky Threats database.
Click the link to display the category of the object in the Kaspersky Threats database.
The Find on TIP button lets you find the file on the Kaspersky Threat Intelligence Portal.
Click Create prevention rule to prevent the file from running.
Click Download to download the file to your computer's hard drive.
Click the link to display information about the TAA (IOA) rule. If the rule was provided by Kaspersky experts, it contains information about the triggered MITRE technique as well as recommendations for reacting to the event.
Select an IOC file to open a window with the results of the IOC scan.
Click All alert-related events to display the Threat Hunting event table in a new browser tab. A search filter is configured in the search criteria, for example, by MD5, FileFullName. The filtering values are populated with the properties of the alert you are working on, for example, the MD5 hash of the file in the alert.