Receiving files from computers with the Endpoint Agent component for scanning in Sandbox

You can configure the reception of files from computers with the Endpoint Agent component to be scanned by the Sandbox component. If the function of receiving files is enabled, the user of a computer with the Endpoint Agent component can send any file that they consider potentially unsafe to be scanned in Sandbox. You can also configure files to be received automatically. In this case, Kaspersky Anti Targeted Attack Platform receives the files that the application acting as the Endpoint Agent component automatically sends for scanning.

This function is available if the Endpoint Agent component is represented by Kaspersky Endpoint Security 12.11 for Windows or Kaspersky Endpoint Security 12.4.0 for Linux.

Receiving files for scanning involves the following steps:

  1. Configuring integration with the Endpoint Agent component for scanning files in Sandbox.
  2. Configuring the integration of Kaspersky Endpoint Security for Windows or Kaspersky Endpoint Security for Linux with the Sandbox component (KATA Sandbox).
  3. Enabling the reception of files for scanning in Sandbox in the web interface of Kaspersky Anti Targeted Attack Platform.
  4. Sending files to be scanned by the Sandbox component in Kaspersky Endpoint Security for Windows and Kaspersky Endpoint Security for Linux.

The maximum size of a file that Kaspersky Anti Targeted Attack Platform accepts for scanning is 200 MB.

Based on the results of the scan, Kaspersky Anti Targeted Attack Platform may record an alert in the alert database. Details of these alerts are displayed in the Alerts by attack vector widget.

In distributed solution and multitenancy mode, you must enable the reception of files to be scanned by the Sandbox component on each Central Node server on which you want to use this function. If the Central Node component is deployed as a cluster, you can enable the functionality on any server in the cluster.

You can view information about connected computers with the Endpoint Agent component, configure the activity indicators of these computers, and remove them from the table of computers with the Endpoint Agent component.
