Configuring authentication on the Administration Server for Autonomous IOC Scan tasks

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

If you want Kaspersky Endpoint Agent to create Autonomous IOC Scan tasks when responding to threats, configure authentication on the Administration Server.

The application uses a special Administration Server user account, which has limited permissions and is only intended for creating Autonomous IOC Scan tasks.

The special account can be created only in the Threat Response window, either in the Kaspersky Endpoint Agent policy properties or in the application properties of an individual device. Create the special account on the Administration Server only once, then use its password to configure Threat Response settings in the properties of other devices or other policies of the same Administration Server.

It is not possible to change the password of the special account created for Autonomous IOC Scan tasks. If you forget the password of this account, delete it using standard Kaspersky Security Center tools and create it again in the Threat Response window.

To configure authentication on the Administration Server for Autonomous IOC Scan tasks:

  1. Open Kaspersky Security Center Administration Console.
  2. In the console tree, open the Policies folder.
  3. Select the Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
    • Double-click the policy name.
    • Select Properties in the policy context menu.
    • Select the Configure policy settings item in the right part of the window.
  4. In the Kaspersky Sandbox integration section, select the Threat Response subsection.
  5. To check for the availability of a special account for Autonomous IOC Scan tasks, or to create such an account:
    1. In the Authentication on Administration Server group of settings, click the Check if the user exists button.

      The settings in the Authentication on Administration Server group are editable only if the Run IOC Scan on a managed group of devices option is selected in the Selected actions list.

    2. In the window that opens, in the Connection to the Administration Server group of settings, enter the data for connecting to the Administration Server, as well as the login and password of the Administration Server account with the permissions to create new users.
    3. Click the Connect and check if the special user exists button.
    4. In the pop-up window, review the information on special account availability and close it.
    5. If the account does not exist and you want to create it, in the Password field of the Creation of the Administration Server special user for Autonomous IOC Scan tasks group of settings, specify a password with a length of 8–16 characters and click the Create the Administration Server special user button.

      The Creation of the Administration Server special user for Autonomous IOC Scan tasks group of settings becomes editable only after the existence of a special account has been checked.

    6. Click Exit to close the Administration Server special user for managing Autonomous IOC Scan tasks window.
  6. In the Administration Server login field of the Authentication on Administration Server group of settings, enter the password for the special account created for the Autonomous IOC Scan tasks.
  7. In the upper right corner of the settings group, change the switch from Policy not enforced to Under policy.
  8. Click OK.

Authentication on the Administration Server for Autonomous IOC Scan tasks has been configured.

See also

Enabling and disabling Threat Response actions

Adding Threat Response actions to the action list of the current policy

Device protection from legitimate applications that can be used by cybercriminals

Configuring start of Autonomous IOC Scan tasks
