Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox

Kaspersky Endpoint Agent can perform Threat Response actions in response to threats detected by Kaspersky Sandbox.

You can configure the following types of actions:

Local actions:

Group actions:

To configure group Threat Response actions, you must configure permissions for Kaspersky Security Center Web Console users accounts that you want to use to manage IOC scanning tasks.

If you configure Threat Response actions, keep in mind that execution of some of the configured actions can result in the threatening object being deleted from the workstation where it was detected.

See also

Getting started with Kaspersky Endpoint Agent

Configuring Kaspersky Endpoint Agent security settings

Configuring proxy server connection settings

Configuring the usage of Kaspersky Security Network

Configuring the integration of Kaspersky Endpoint Agent with Kaspersky Sandbox

Configuring Quarantine settings and restoration of objects from Quarantine

Configuring data synchronization with the Administration Server

Managing Kaspersky Endpoint Agent tasks

In this Help section

Enabling and disabling Threat Response actions for threats detected by Kaspersky Sandbox

Adding Threat Response actions to the action list of the current policy

Authentication for Threat Response group tasks at the Administration Server

Enabling detection of legitimate applications that can be used by cybercriminals

Configuring the running of IOC scanning tasks

Page top