Enabling and configuring advanced telemetry collection settings

By default, Kaspersky Endpoint Agent collects only the network traffic that arrives at the computer's network interfaces and is intended for the computer on which the application is installed. In SPAN port mode, promiscuous reception of network traffic from all available subnets is enabled for the network interfaces of the computer with the application installed. The application generates extended telemetry based on the collected network traffic.

To enable and configure settings for advanced telemetry collection:

  1. On the device, run a command line interpreter (for example, the Command Prompt, cmd.exe) with local administrator permissions.
  2. Using the cd command, navigate to the folder where the Agent.exe file is located.

    For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

  3. Execute the following command:

    agent.exe --virtual-span {show|enable|disable|add --subnet <subnet address> --subnet-mask <subnet mask>|remove --rule-id <subnet ID>}

  4. Press ENTER.

    Settings of the agent.exe --virtual-span command to enable and configure advanced telemetry collection

    | Setting | Description |
    |---------|-------------|
    | --virtual-span show | Displays setting values for advanced telemetry collection. |
    | --virtual-span enable | Enables promiscuous mode of receiving network traffic from all available subnets for the network interfaces of the computer with the application installed, configured for the subnet specified using the --virtual-span add --subnet <subnet address> --subnet-mask <subnet mask> command. If no subnets are added, the command enables promiscuous mode of receiving network traffic from all available subnets for all network interfaces of the computer with the application installed. |
    | --virtual-span disable | Disables the promiscuous mode of receiving network traffic from all available subnets for the computer network interfaces for which the promiscuous mode of receiving network traffic is enabled. |
    | --virtual-span add --subnet <subnet address> --subnet-mask <subnet mask> | Adds a subnet with a specified IPv4 address and mask. |
    | --virtual-span remove --rule-id <subnet ID> | Deletes the subnet with the specified ID. The list of added subnets and their IDs can be displayed using the --virtual-span show command. |
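
As an added example (not part of the original documentation and not Kaspersky code), the Python helper below converts CIDR subnets into the --subnet / --subnet-mask arguments of the add command and returns the commands in order: add each subnet, enable, show. It refuses an empty subnet list, because enable with no subnets added applies to all network interfaces; the function names, the host-bit check and the sample subnets are assumptions of this example.

```python
import ipaddress

AGENT = "agent.exe"  # run from the folder that contains the agent executable (step 2)


def subnet_args(cidr):
    """Convert CIDR text into the --subnet / --subnet-mask pair used by 'add'."""
    # strict=True rejects host bits (e.g. 192.0.2.7/24); this check is a choice
    # made for this example, not a documented requirement of the agent.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr}: the add command takes an IPv4 subnet")
    return ["--subnet", str(net.network_address), "--subnet-mask", str(net.netmask)]


def build_span_commands(cidrs):
    """Return the command lines in order: add each subnet, enable, then show."""
    if not cidrs:
        # With no subnets added, 'enable' turns on promiscuous mode for every
        # network interface, so this helper refuses to plan an unscoped enable.
        raise ValueError("no subnets given: enable would apply to all interfaces")
    seen, commands = set(), []
    for cidr in cidrs:
        args = subnet_args(cidr)
        key = tuple(args)
        if key in seen:  # the same subnet listed twice is added only once
            continue
        seen.add(key)
        commands.append([AGENT, "--virtual-span", "add", *args])
    commands.append([AGENT, "--virtual-span", "enable"])
    commands.append([AGENT, "--virtual-span", "show"])  # review the result
    return commands


if __name__ == "__main__":
    # Constructed sample input (documentation address ranges).
    for argv in build_span_commands(["192.0.2.0/24", "198.51.100.128/25"]):
        print(" ".join(argv))
```

The helper only prints the command lines; they are still entered in the elevated command prompt as described in steps 1 to 4.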
