Device protection from legitimate applications that can be used by cybercriminals

You can enable the detection of legitimate applications that can be used by cybercriminals to harm your organization's local network. Kaspersky Endpoint Agent believes such applications pose threats and performs threat response actions on them accordingly.

Legitimate applications are allowed to be installed and used on devices and are designed to perform user tasks. However, some types of legitimate applications, when used by cybercriminals, may harm an organization's devices or local network. If cybercriminals gain access to such applications or deploy them on devices, they can use the functions of these applications to violate the security of the organization's devices or local network.

These applications include IRC clients, dialers, file download applications, computer system activity monitors, password utilities, and Internet servers for FTP, HTTP or Telnet services.

To enable the detection of legitimate applications:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure application settings.
3. Perform one of the following actions in the details pane of the selected administration group:
   • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
     1. In the tree of Kaspersky Security Center Administration Console, expand the Managed devices node.
     2. Expand the administration group whose policy settings you want to configure, and select the Policies tab in the results pane.
     3. Select the policy you want to configure.
     4. Open the Properties: <Policy name> window in one of the following ways:
        • Select the Properties option in the context menu of the policy.
        • Click the Configure policy settings link in the results pane of the selected policy.
        • Double-click the required policy.

        The Properties: <Policy name> window opens.

   • To configure the settings of a task or application for an individual protected device, select the Devices tab and go to the settings of a local task or the application settings.
4. In the Kaspersky Sandbox integration section select the Threat response subsection.
5. In the Additional group of settings select the Enable detection of legitimate applications that can be exploited by adversaries check box.
6. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
7. Click Apply and OK.

Detection of legitimate applications that can be used by cybercriminals to harm your organization's local network has been enabled.

See also Enabling and disabling Threat Response actions Adding Threat Response actions to the action list of the current policy Configuring authentication on the Administration Server for Autonomous IOC Scan tasks Configuring start of Autonomous IOC Scan tasks

Page top