Configuring authentication on the Administration Server for Autonomous IOC Scan tasks
If you want Kaspersky Endpoint Agent to create Autonomous IOC Scan tasks when responding to threats, configure authentication on the Administration Server.
Autonomous IOC Scan tasks are group tasks that are created automatically in response to threats detected by Kaspersky Sandbox. Kaspersky Endpoint Agent generates an IOC file automatically. Operations with custom IOC files are not supported. Tasks are automatically deleted seven days after they were last started or, if they were never started, seven days after creation. For more information about Autonomous IOC Scan tasks, see Kaspersky Sandbox Help.
The application uses a special Administration Server user account, which has limited permissions and is only intended for creating Autonomous IOC Scan tasks.
The special account can only be created in the Threat Response window in Kaspersky Endpoint Agent policy properties or in the application properties of an individual device. Create the special account on the Administration Server only once, then use its password to configure Threat Response settings in the properties of other devices or in other policies of the same Administration Server.
It is not possible to change the password of the special account created for Autonomous IOC Scan tasks. If you forget the password of this account, delete the account using standard Kaspersky Security Center tools and create it again in the Threat Response window.
To configure authentication on the Administration Server for Autonomous IOC Scan tasks:
1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure application settings.
3. Perform one of the following actions in the details pane of the selected administration group:
   - To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
     a. In the tree of Kaspersky Security Center Administration Console, expand the Managed devices node.
     b. Expand the administration group whose policy settings you want to configure, and select the Policies tab in the results pane.
     c. Select the policy you want to configure.
     d. Open the Properties: <Policy name> window in one of the following ways:
        - Select the Properties option in the context menu of the policy.
        - Click the Configure policy settings link in the results pane of the selected policy.
4. In the window that opens, in the Connection to Administration Server group of settings, enter the data for connecting to the Administration Server, as well as the login and password of the Administration Server account with the permissions to create new users.
5. Click the Connect and check for the user button.
6. In the pop-up window, review the information on special account availability and close it.
7. If the account does not exist and you want to create it, in the Password field of the Creating special user for Autonomous IOC Scan tasks group of settings, specify a password with a length of 8–16 characters and click the Create special user button.
   The Creating special user for Autonomous IOC Scan tasks group of settings becomes editable only after the existence of a special account has been checked.
8. Click Exit to close the Administration Server user for Autonomous IOC Scan tasks window.
9. In the Administration Server password field of the Authentication on Administration Server group of settings, enter the password for the special account created for the Autonomous IOC Scan tasks.
10. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
11. Click OK.
Authentication on the Administration Server for Autonomous IOC Scan tasks has been configured.