Modifying the action taken when an Adaptive Anomaly Control rule is triggered
To edit the action that is taken when an Adaptive Anomaly Control rule is triggered:
In the lower part of the main application window, click the button.
In the application settings window, select Protection → Security Controls → Adaptive Anomaly Control.
In the Rules block, click the Edit rules button.
The Adaptive Anomaly Control rule list opens.
Select a rule in the table.
Click the Edit button.
The Adaptive Anomaly Control rule properties window opens.
In the Action block, select one of the following options:
Smart. If this option is selected, the Adaptive Anomaly Control rule works in Smart training mode for a period of time defined by Kaspersky experts. In this mode, when an Adaptive Anomaly Control rule is triggered, Kaspersky Endpoint Security allows the activity covered by the rule and logs an entry in the Triggering of rules in Smart Training mode storage of the Kaspersky Security Center Administration Server. When the time period set for working in Smart Training mode ends, Kaspersky Endpoint Security blocks the activity covered by an Adaptive Anomaly Control rule and logs an entry containing information about the activity.
Block. If this action is selected, when an Adaptive Anomaly Control rule is triggered Kaspersky Endpoint Security blocks the activity covered by the rule and logs an entry containing information about the activity.
Inform. If this action is selected, when an Adaptive Anomaly Control rule is triggered Kaspersky Endpoint Security allows the activity covered by the rule and logs an entry containing information about the activity.