Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox

Kaspersky Endpoint Agent can perform Threat Response actions in response to threats detected by Kaspersky Sandbox.

You can configure the following types of actions:

Local actions:

Group actions:

To configure group Threat Response actions, you must configure user permissions for KSC users accounts that you want to use to manage IOC scanning tasks.

If you configure Threat Response actions, keep in mind that execution of some of the configured actions can result in the threatening object being deleted from the workstation where it was detected.

See also

Installing Kaspersky Endpoint Agent

Installing the Kaspersky Endpoint Agent management plug-in

Creating a Kaspersky Endpoint Agent policy

Enabling settings in the Kaspersky Endpoint Agent policy

Configuring Kaspersky Endpoint Agent security settings

Configuring proxy server connection settings

Configuring the usage of Kaspersky Security Network

Configuring the integration of Kaspersky Endpoint Agent with Kaspersky Sandbox

Configuring Quarantine settings and restoration of objects from Quarantine

Configuring data synchronization with the Administration Server

Managing Kaspersky Endpoint Agent tasks

Managing the Kaspersky Endpoint Agent application using the command line interface

In this Help section

Enabling and disabling Threat Response actions

Adding Threat Response actions to the action list of the current policy

Authentication for Threat Response group tasks at the Administration Server

Protection of workstations from legitimate applications that can be exploited by adversaries

Configuring the running of IOC scanning tasks

Page top