Prerequisites for creating threat development chain
This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
The following prerequisites must be met to create a threat development chain:
- A compatible version of Endpoint Protection Platform (Kaspersky Security for Windows Server 11 or later, or Kaspersky Endpoint Security for Windows 11.4.0 or later) is installed on the managed device with Kaspersky Endpoint Agent.
- Kaspersky Endpoint Agent is activated with the Kaspersky EDR Optimum key.
- Kaspersky Endpoint Agent and Endpoint Protection Platform are managed by Kaspersky Security Center Web Console.
- Kaspersky Endpoint Agent web plug-in is installed on a device with Kaspersky Security Center Web Console installed.
- An active policy is applied to the device. Creation of a threat development chain and forced usage of these settings are enabled in the properties of this policy.
If a policy is not applied to a managed device, creation of the threat development chain must be enabled in the application properties.
By default, creation of the threat development chain is disabled in the application properties for the managed device.
Article ID: 200162, Last review: Sep 13, 2022