While executing IOC Scan tasks Kaspersky Endpoint Agent uses IOC files (indicators of compromise files of the OpenIOC open description standard) to search for these indicators on devices.
Standard IOC Scan tasks are group or local tasks that are created and configured manually in Kaspersky Security Center or through the command line interface. IOC files prepared by the user are used to run the tasks.
Autonomous IOC Scan tasks are group tasks that are created automatically in response to the threats detected by Kaspersky Sandbox. Kaspersky Endpoint Agent generates an IOC file automatically. Operations with custom IOC files are not supported. Tasks are automatically deleted in seven days after the last start or after creation if tasks were never started. For more information about autonomous IOC Scan tasks, see Kaspersky Sandbox Help.
You can specify the following actions to respond to the detected IOCs (not available when running the tasks from the command line):
Not available for Autonomous IOC Scan tasks.
The task execution report the can be viewed in the task execution results as a pivot table, and on the IOC incident card.
The results of group IOC Scan tasks execution can be viewed in Kaspersky Security Center within 7 days since the task execution completed, or until the task is removed.
Page top