This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
To configure the Autonomous IOC Scan task settings:
Open Kaspersky Security Center Administration Console.
In the Kaspersky Security Center Administration Console tree, open the Tasks folder.
A list of tasks appears.
In the Run IOC Scan section, select the task in the list and right-click it to open the task action menu.
Select the Properties menu item.
The task properties window opens.
In the left part of the window, select the group of settings that you want to change.
In the right part of the window, make the necessary modifications and click Apply and OK.
Make sure that the On the Administration Server for (days) check box is selected in the Save information about results section, and specify for how many days you want to store the task execution results.
By default, task execution results are stored on the Administration Server for 7 days.
To configure the application's actions upon IOC detection:
Select the IOC scanning settings section.
In the Actions group of settings, select the Take response actions when an Indicator of Compromise is found check box.
Select the Quarantine and delete check box to quarantine the detected object and remove it from the device.
Select the Run Endpoint Protection Platform scan of critical areas on the device check box so that Kaspersky Endpoint Agent sends a command to the EPP application to scan critical areas on all the devices of the administration group on which the object is detected.
To configure the schedule settings for the IOC Scan task:
In the Tasks schedule section, select the Run by schedule check box.
In the Frequency list, select one of the following options to run IOC Scan tasks: At specified time, Every hour, Every day, Every week or On application launch.
If you select the At specified time option, specify the day and time to start the task in the Run by schedule section.
If you select one of the following options: Every hour, Every day or Every week, configure the following settings in the Run by schedule section:
In the Every list, select the task run frequency, for example, once a day or twice a week on Tuesdays and Thursdays.
In the Start time and Start date lists, select the date and time from which the schedule applies.
To configure advanced schedule settings, click the Advanced button and perform the following actions in the Advanced window:
If you want to set a maximum timeout for the task execution, select the Stop tasks that run longer than check box and specify the number of hours and minutes after which the task will automatically terminate.
If you want the task schedule to be valid until a certain date, select the Cancel schedule from check box and specify the expiration date for the schedule.
If you want the application to start IOC Scan tasks that were not completed on time as soon as possible, select the Run missed tasks check box.
If you want to avoid a large number of workstations accessing the Administration Server at the same time, and to run the task on workstations not precisely according to the schedule but at a random time within a certain interval, select the Randomize the task start time within the interval check box and specify the start interval in minutes.
To exclude groups of devices from the task scope, in the Exclusions from task scope section, select the groups of devices to which the task will not be applied.
Only the subgroups of the administration group to which the task applies can be excluded.