Configuring IOC Scan tasks start

To configure the start of IOC Scan tasks:

  1. Do one of the following:
    • Open the application properties window for an individual device.
    • Open the policy properties window.
  2. In the Kaspersky Sandbox integration section, select the Threat response subsection.
  3. In the Additional group of settings, click the Configure IoC scanning link.
  4. In the Scanning scope group of settings in the right part of the window, select one of the following areas where Kaspersky Endpoint Agent will search for IOCs:
    • System drive.
    • Critical areas.
  5. In the Configure IoC scanning group of settings, select one of the following options to start IOC Scan tasks:
    • Manual.

      IOC Scan tasks will be created automatically, but will not be started. You can manually start each task individually or all tasks at once.

    • Immediately.

      IOC Scan tasks will be automatically created and started.

    • Within the specified period.

      IOC Scan tasks will be created automatically, and will be started within the specified period. For example, outside of working hours from 8:00 p.m. to 7:00 a.m.

      If you select the Within the specified period option, specify the start and end of the period in the Period start time (hh:mm) and Period end time (hh:mm) fields.

      All IOC Scan tasks that were automatically created BEFORE the beginning of the specified period will start at any time WITHIN the specified period.

      All IOC Scan tasks that were automatically created WITHIN the specified period will start immediately.

      All IOC Scan tasks that were automatically created AFTER the beginning of the specified period will start the next day.

    Example:

    You have configured the tasks to run during the specified period from 8:00 p.m. to 7:00 a.m.:

    Tasks that were automatically created at 7 p.m. are started at an arbitrary time from 8:00 p.m. to 7:00 a.m.

    Tasks that were automatically created at 9 p.m. are started at 9 p.m.

    Tasks that were automatically created at 10:00 p.m. are started the next day from 8:00 p.m. to 7:00 a.m.

  6. Click OK.
  7. If you configure the policy settings, in the upper right corner of the group of settings, change the switch from Undefined to Forced.
  8. Click OK.
  9. In the policy properties window, click Save.

See also

Enabling and disabling integration with Kaspersky Sandbox

Configuring trusted connection on Kaspersky Endpoint Agent side

Adding Kaspersky Sandbox servers to Kaspersky Endpoint Agent list

Configuring the response timeout of Kaspersky Sandbox and request queue settings

Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox

Enabling detection of legitimate applications that can be used by cybercriminals
