Configuring authentication on the Administration Server for Autonomous IOC Scan tasks

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

If you want Kaspersky Endpoint Agent to create Autonomous IOC Scan tasks when responding to threats, configure authentication on the Administration Server.

The application uses a special Administration Server user account, which has limited permissions and is intended only for creating Autonomous IOC Scan tasks.

The special account can be created only in the Threat Response window, either in the Kaspersky Endpoint Agent policy properties or in the application properties of an individual device. Create the account on the Administration Server only once, then use its password to configure Threat Response settings in the properties of other devices or in other policies of the same Administration Server.

It is not possible to change the password of the special account created for Autonomous IOC Scan tasks. If you forget the password of this account, delete it using standard Kaspersky Security Center tools and create it again in the Threat response window.

To configure authentication on the Administration Server for Autonomous IOC Scan tasks:

  1. Open Kaspersky Security Center Administration Console.
  2. In the console tree, open the Policies folder.
  3. Select the Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
    • Double-click the policy name.
    • Select Properties in the policy context menu.
    • Select the Configure policy settings item in the right part of the window.
  4. In the Kaspersky Sandbox integration section, select the Threat response subsection.
  5. To check whether a special account for Autonomous IOC Scan tasks exists, or to create such an account:
    1. In the Authentication on Administration Server group of settings, click the Check for the user button.

      The settings in the Authentication on Administration Server group are editable only if the Run IOC Scan for a managed group of devices option is selected in the Selected actions list.

    2. In the window that opens, in the Connection to Administration Server group of settings, enter the data for connecting to the Administration Server, as well as the login and password of an Administration Server account that has the permissions to create new users.
    3. Click the Connect and check for the user button.
    4. In the pop-up window, review the information on whether the special account exists, and then close the window.
    5. If the account does not exist and you want to create it, in the Password field of the Creating special user for Autonomous IOC Scan tasks group of settings, specify a password that is 8–16 characters long and click the Create special user button.

      The Creating special user for Autonomous IOC Scan tasks group of settings becomes editable only after the existence of the special account has been checked.

    6. Click Exit to close the Administration Server user for Autonomous IOC Scan tasks window.
  6. In the Administration Server password field of the Authentication on Administration Server group of settings, enter the password for the special account created for the Autonomous IOC Scan tasks.
  7. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
  8. Click OK.

Authentication on the Administration Server for Autonomous IOC Scan tasks is configured.
