Supported OVAL scan types
The following types of OVAL scans are supported for the Security Audit task:
- accesstoken_item
- auditeventpolicy_item
- auditeventpolicysubcategories_item
- cmdlet_item - available for Windows XP / Server 2003 and later
- environmentvariable58_item
- environmentvariable_item
- family_item
- file_item
- filehash58_item
- filehash_item
- group_sid_item
- interface_item
- lockoutpolicy_item
- passwordpolicy_item
- port_item
- process58_item
- process_item
- registry_item
- textfilecontent54_item
- user_item
- user_sid_item
- variable_item
- wmi57_item
- wmi_item
For unsupported OVAL scan types, the result of the Security Audit task is Unknown.
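A pre-check for the rule above, as an added example (not Kaspersky code): it lists the tests in an OVAL definitions file whose item type is not in the supported list, which the Security Audit task would report as Unknown. It assumes each `<name>_test` element corresponds to `<name>_item`, matches on the element name only (ignoring the platform schema namespace), and runs on a constructed sample document.

```python
import xml.etree.ElementTree as ET

# Item types copied from the supported list on this page.
SUPPORTED_ITEMS = {
    "accesstoken_item", "auditeventpolicy_item",
    "auditeventpolicysubcategories_item", "cmdlet_item",
    "environmentvariable58_item", "environmentvariable_item", "family_item",
    "file_item", "filehash58_item", "filehash_item", "group_sid_item",
    "interface_item", "lockoutpolicy_item", "passwordpolicy_item", "port_item",
    "process58_item", "process_item", "registry_item",
    "textfilecontent54_item", "user_item", "user_sid_item", "variable_item",
    "wmi57_item", "wmi_item",
}

DEFS_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
WIN = DEFS_NS + "#windows"
IND = DEFS_NS + "#independent"

# Constructed sample document (not a real rule set); only <tests> is shown.
SAMPLE = f"""<oval_definitions xmlns="{DEFS_NS}">
  <tests>
    <registry_test xmlns="{WIN}" id="oval:example:tst:1" version="1" check="all"/>
    <textfilecontent54_test xmlns="{IND}" id="oval:example:tst:2" version="1" check="all"/>
    <service_test xmlns="{WIN}" id="oval:example:tst:3" version="1" check="all"/>
    <sql57_test xmlns="{IND}" id="oval:example:tst:4" version="1" check="all"/>
  </tests>
</oval_definitions>"""


def unsupported_tests(oval_xml):
    """Return (test id, item type) for every test whose item type is not listed."""
    root = ET.fromstring(oval_xml)
    tests = root.find(f"{{{DEFS_NS}}}tests")
    found = []
    for test in (tests if tests is not None else []):
        local = test.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
        if not local.endswith("_test"):
            continue
        # Assumption: <name>_test is evaluated against <name>_item.
        item = local[: -len("_test")] + "_item"
        if item not in SUPPORTED_ITEMS:
            found.append((test.get("id"), item))
    return found


if __name__ == "__main__":
    for test_id, item in unsupported_tests(SAMPLE):
        print(f"{test_id}: {item} is not in the supported list")
```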
Article ID: 231942, Last review: Dec 13, 2022