About YARA scan in Kaspersky Endpoint Agent

A YARA scan is a process performed by Kaspersky Endpoint Agent to search for malicious activity signatures on devices using YARA files (signature files of the open YARA standard). The scan is performed recursively on local drives. The scan is not supported for network, connected and cloud resources.

Kaspersky Endpoint Agent supports the following types of YARA scans:

The scan types differ by the management capabilities and configurable settings. The YARA scan types are described in the following table.

YARA scan types

Scan type: YARA files scan using the command line

Description:

This scan is started manually using the command line interface, without integration with third-party systems.

YARA files prepared by the user are used to run the scan.

The scan settings do not depend on the policy settings.

The scan results are available in the command line immediately after the scan has been completed.

Scan type: YARA scan by YARA files downloaded manually via the Kaspersky Anti Targeted Attack Platform web interface

Description:

YARA files are downloaded manually via the Kaspersky Anti Targeted Attack Platform web interface. It is also possible to configure the YARA scan schedule for computers with Kaspersky Endpoint Agent in the web interface of the Kaspersky Anti Targeted Attack Platform.

This scan cannot be managed using the command line.

There are no automatic actions when YARA rules are triggered.

Scan settings do not depend on Kaspersky Endpoint Agent policies.

For detailed information about this type of scan, refer to the Kaspersky Anti Targeted Attack Platform Help.
