This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
If you want Kaspersky Endpoint Agent to create Autonomous IOC Scan tasks when responding to threats, configure authentication on the Administration Server.
The application uses a special Administration Server user account, which has limited permissions and is intended only for creating Autonomous IOC Scan tasks.
The special account can only be created in the Threat Response window in Kaspersky Endpoint Agent policy properties or in the application properties of an individual device. The special account must be created on the Administration Server only once and its password must be used to configure Threat Response settings in the properties of other devices or other policies of the same Administration Server.
It is not possible to change the password of the special account created for Autonomous IOC Scan tasks. If you forget the password of this account, delete it using standard Kaspersky Security Center tools and create it again in the Threat response window.
To configure authentication on the Administration Server for Autonomous IOC Scan tasks:
The settings in the Authentication on Administration Server group are editable only if the Run IOC Scan for a managed group of devices option is selected in the Selected actions list.
The Creating special user for Autonomous IOC Scan tasks group of settings becomes editable only after existence of a special account is checked.
Authentication on the Administration Server for Autonomous IOC Scan tasks is configured.