IOC scanning tasks are automatically created on the Kaspersky Security Center server if the Run IOC scanning on a managed group of hosts Threat Response action is configured in Kaspersky Endpoint Agent policies.
You cannot create IOC scanning tasks manually in the current version of the application.
You can view the list of tasks, remove unused tasks from the list, view task results, run tasks manually, configure task result storage duration, and configure IOC scanning task running settings.
Automatically created tasks are accumulated on the Kaspersky Security Center server. The administrator of the application should make sure the list does not contain more than 1000 tasks and periodically remove tasks from the list manually.
By default, IOC scanning tasks are stored on the Kaspersky Security Center server for 7 days after last run.
Kaspersky Endpoint Agent deletes automatically created IOC scanning tasks if the KEA application has been operating on at least one workstation for 7 or more days and one the following conditions has been met:
Kaspersky Endpoint Agent deletes the IOC scanning task regardless of which workstation the object was first detected on and whether the Threat Response action was executed. The deleted task becomes unavailable for all workstations in the administration group.
Unused IOC scanning tasks are deleted automatically. The user cannot configure settings of automatic IOC scanning task deletion.
If IOC scanning task deletion works incorrectly or you want to modify the behavior of the application, contact Kaspersky Technical Support.
By default, the IOC scanning task stores ALL types of events resulting from running group tasks. By default, IOC scanning task results are stored for 7 days. You can modify the storage duration of task results.
It is not recommended to change default task result storage settings or to shorten the storage duration of IOC scanning task results.