Modifying the action taken when an Adaptive Anomaly Control rule is triggered

To edit the action that is taken when an Adaptive Anomaly Control rule is triggered:

  1. In the main application window, click the Settings button.
  2. In the left part of the window, in the Security Controls section, select the Adaptive Anomaly Control subsection.

    The settings of the Adaptive Anomaly Control component are displayed in the right part of the window.

  3. In the table in the right part of the window, select the rule and perform one of the following actions:
    • In the Action column, right-click to display the context menu and select one of the following:
      • Smart. If this option is selected, the Adaptive Anomaly Control rule works in Smart Training mode for a period of time defined by Kaspersky experts. In this mode, when an Adaptive Anomaly Control rule is triggered, Kaspersky Endpoint Security allows the activity covered by the rule and logs an entry in the Triggering of rules in Smart Training mode storage of the Kaspersky Security Center Administration Server. When the time period set for working in Smart Training mode ends, Kaspersky Endpoint Security blocks the activity covered by the rule and logs an entry containing information about the activity.
      • Block. If this option is selected, when an Adaptive Anomaly Control rule is triggered, Kaspersky Endpoint Security blocks the activity covered by the rule and logs an entry containing information about the activity.
      • Inform. If this option is selected, when an Adaptive Anomaly Control rule is triggered, Kaspersky Endpoint Security allows the activity covered by the rule and logs an entry containing information about the activity.
    • Click the Edit button.

      In the Adaptive Anomaly Control rule window:

      1. In the Action when rule is triggered section, select one of the following options:
        • Smart. If this option is selected, the Adaptive Anomaly Control rule works in Smart Training mode for a period of time defined by Kaspersky experts. In this mode, when an Adaptive Anomaly Control rule is triggered, Kaspersky Endpoint Security allows the activity covered by the rule and logs an entry in the Triggering of rules in Smart Training mode storage of the Kaspersky Security Center Administration Server. When the time period set for working in Smart Training mode ends, Kaspersky Endpoint Security blocks the activity covered by the rule and logs an entry containing information about the activity.
        • Block. If this option is selected, when an Adaptive Anomaly Control rule is triggered, Kaspersky Endpoint Security blocks the activity covered by the rule and logs an entry containing information about the activity.
        • Inform. If this option is selected, when an Adaptive Anomaly Control rule is triggered, Kaspersky Endpoint Security allows the activity covered by the rule and logs an entry containing information about the activity.
      2. In the Adaptive Anomaly Control rule window, click OK.
  4. To save changes, click the Save button.