Kaspersky Anti Targeted Attack Platform (KATA)

Kaspersky Anti Targeted Attack Platform (hereinafter also referred to as "KATA") is a solution designed for timely detection of sophisticated threats such as targeted attacks, advanced persistent threats (APT), zero-day attacks, and others. The Endpoint Sensor component is designed to support interaction with KATA. Endpoint Sensor is included in Endpoint Agent. For integration with KATA, select the Endpoint Agent component during installation of the application (for example, in the installation package). After the application is installed, the Endpoint Sensor settings will be available in a policy. You can remove Endpoint Sensor only together with Kaspersky Endpoint Security.

If the Endpoint Sensor component was installed on the computer by using KATA deployment tools, the component will be reinstalled. Endpoint Sensor will be configured according to the policy of Kaspersky Endpoint Security for Windows.

Endpoint Sensor is installed on client computers. On these computers, the component constantly monitors processes, active network connections, and files that are modified. Endpoint Sensor relays information to the KATA server.

The component functionality is available under the following operating systems:

• Windows 7 Enterprise Service Pack 1;
• Windows 8.1.1 Enterprise;
• Windows 10 RS3 / RS4 / RS5 / 19H1;
• Windows Server 2008 R2 Enterprise (64-bit);
• Windows Server 2012 Standard / R2 Standard (64-bit);
• Windows Server 2016 Standard (64-bit).

For detailed information on KATA operation, please refer to the Kaspersky Anti Targeted Attack Platform Help Guide.

Inbound connections to computers with the Endpoint Sensor component must be allowed from the KATA server directly, without a proxy server.

To enable or disable the Endpoint Sensor component:

1. Open the Kaspersky Security Center Administration Console.
2. In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
3. In the workspace, select the Policies tab.
4. Select the necessary policy and double-click to open the policy properties.
5. Select the Endpoint Sensor section.
6. Do one of the following:
   • If you want to enable Endpoint Sensor, select the Endpoint Sensor check box.
   • If you want to disable Endpoint Sensor, clear the Endpoint Sensor check box.
7. If you selected the check box at the previous step:
   1. In the Server address field, specify the Kaspersky Anti Targeted Attack Platform server address consisting of the following parts:
      1. Protocol name
      2. IP address or fully qualified domain name (FQDN) of the server
      3. Path to the Windows Event Collector on the server
   2. In the Port field, specify the port number that is used to connect to the Kaspersky Anti Targeted Attack Platform server.
8. Click OK.

Page top