Protection of workstations from legitimate applications that can be exploited by adversaries

You can enable detection of legitimate applications that adversaries can exploit to harm your corporate LAN. Kaspersky Endpoint Agent considers such applications a threat and applies Threat Response actions to them.

Legitimate applications are applications that may be installed and used on workstations to perform user tasks. However, adversaries can exploit certain types of legitimate applications to harm the workstation or the corporate LAN. If adversaries gain access to these applications, or plant them on the workstation, they can use some of the applications' features to compromise the security of the workstation or the corporate LAN.

These applications include IRC clients, auto-dialers, file downloaders, computer system activity monitors, password management utilities, and web servers for FTP, HTTP, or Telnet services.

To enable detection of such applications:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, select the Policies folder.
  3. Select the necessary policy and double-click it to open its properties.
  4. Under Kaspersky Sandbox integration, select Threat response.
  5. Under Additional, select the Enable detection of legitimate applications, which can be exploited by adversaries check box.
  6. In the upper right corner of the settings group, move the toggle switch from Unaffected by policy to Under policy.
  7. Click Apply and OK.

Detection of legitimate applications that can be exploited by adversaries to cause harm to your corporate LAN is now enabled.
