Adding Threat Response actions to the action list of the current policy
To add Threat Response actions to the list of actions of the current policy:
Open the Kaspersky Security Center Administration Console.
In the console tree, select the Policies folder.
Select the necessary policy and double-click it to open its properties.
Under Kaspersky Sandbox integration, select Threat response.
Under Actions, select the Take response actions on threats, detected by Kaspersky Sandbox check box if it is not selected.
Click Add and in the drop-down list, select one of the following actions:
Quarantine and delete. Local action. Performed on the workstation where the threat is detected.
Notify workstation user. Local action. Performed on the workstation where the threat is detected.
Push Endpoint Protection Platform (EPP) scanning on critical areas. Local action. Performed on the workstation where the threat is detected.
Run IOC scanning on a managed group of hosts. Group action. Performed on all workstations in the administration group.
Quarantine and delete after IOC is found. Group action. Performed on all workstations in the administration group.
Push Endpoint Protection Platform (EPP) scanning on critical areas after IOC is found. Group action. Performed on all workstations in the administration group.
The action is added to the Current actions list.
If you configure Threat Response actions, keep in mind that execution of some of the configured actions can result in the threatening object being deleted from the workstation where it was detected.
If you want to remove an action, select it in the table and click Remove.
In the upper right corner of the settings group, move the toggle switch from Unaffected by policy to Under policy.