Monitoring Adaptive Anomaly Control operations

Adaptive Anomaly Control includes several monitoring tools. The main purpose of monitoring Adaptive Anomaly Control is to configure the component while training.

Adaptive Anomaly Control reports

Adaptive Anomaly Control uses the following reports:

How to view Adaptive Anomaly Control reports in the Administration Console (MMC)

How to view Adaptive Anomaly Control reports in the Web Console

To generate reports in the Kaspersky Security Center console, you must enable data transfer to Administration Server. Data transfer is enabled by default.

How to enable data transfer for Adaptive Anomaly Control in the Administration Console (MMC)

How to enable data transfer for Adaptive Anomaly Control in the Web Console

Rule triggers in Smart Training state storage

In training mode, Adaptive Anomaly Control sends information about triggered rules to a separate storage, Rule triggers in Smart Training state. Information about triggered rules is represented in the storage as a list of events. To tune Adaptive Anomaly Control, you can either confirm the atypical behavior on the computer or add an exclusion from the rule.

Adaptive Anomaly Control events

Adaptive Anomaly Control logs rule trigger events in the Block (including Smart Block) and Notify modes. The following events are provided for this purpose:

Process action blocked (critical event)

Process action skipped (informational event)

Events contain information about the suspicious activity including file checksums, the users involved, the rule triggering time, and the computer name. After analyzing the event, you can immediately add exclusions from the rule if you find the activity to be legitimate.
