Device protection from legitimate applications that can be used by cybercriminals

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

You can enable detection of legitimate applications that can be used by cybercriminals to harm your organization local network. Kaspersky Endpoint Agent considers such applications as posing threats and performs threat response actions on them.

Legitimate applications are allowed to be installed and used on devices and are designed to perform user tasks. However, some types of legitimate applications, when used by cybercriminals, may harm devices or organization local network. If cybercriminals gain access to such applications or deploy them on devices, they can use functions of such applications to violate security of the devices or organization local network.

Such applications include IRC clients, dialers, file download applications, computer system activity monitors, password utilities, Internet servers for FTP, HTTP or Telnet services.

To enable detection of potentially harmful legitimate applications:

1. Open Kaspersky Security Center Administration Console.
2. In the console tree, open the Policies folder.
3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
   • Double-click the policy name.
   • Select Properties in the policy context menu.
   • Select the Configure policy settings item in the right part of the window.
4. In the Kaspersky Sandbox integration section select the Threat Response subsection.
5. In the Additional group of settings select the Enable detection of legitimate applications that can be exploited by adversaries check box.
6. In the upper right corner of the settings group, change the switch from Policy not enforced to Under policy.
7. Click Apply and OK.

Detection of legitimate applications that can be used by cybercriminals to harm your organization local network is enabled.

See also Enabling and disabling Threat Response actions Adding Threat Response actions to the action list of the current policy Configuring authentication on the Administration Server for Autonomous IOC Scan tasks Configuring start of Autonomous IOC Scan tasks

Page top