Authentication for Threat Response group tasks at the Administration Server

If you want Kaspersky Endpoint Agent to create autonomous IOC Scan tasks when responding to threats, you must configure authentication on the Administration Server.

The application uses a special Administration Server user account, which has limited permissions and is intended only for creating Autonomous IOC Scan tasks.

The special account can only be created in the Threat Response window in Kaspersky Endpoint Agent policy properties or in the application properties of an individual device. The special account must be created on the Administration Server only once and its password must be used to configure Threat Response settings in the properties of other devices or other policies of the same Administration Server.

It is not possible to change the password of the special account created for Autonomous IOC Scan tasks. If you forget the password of this account, delete it using standard Kaspersky Security Center tools and create it again in the Threat response window.

To authenticate at the Administration Server:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, select the Policies folder.
  3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
    • Double-click the policy name.
    • Select Properties in the policy context menu.
    • Select the Configure policy settings item in the right part of the window.
  4. In the Kaspersky Sandbox integration section select the Threat response subsection.
  5. To check for availability of a special account for Autonomous IOC Scan tasks, or to create such account:
    1. In the Authentication on Administration Server group of settings, click the Check for the user button.
    2. The settings in the Authentication on Administration Server group are editable only if the Run IOC Scan for a managed group of devices option is selected in the Selected actions list.
    3. In the window that opens, in the Connection to Administration Server group of settings, enter the data for connecting to the Administration Server, as well as login and password of the Administration Server account having the permissions to create new users.
    4. Click the Connect and check for the user button.
    5. In the pop-up window, review the information on availability of a special account and close it.
    6. If the account does not exist and you want to create it, in the Password field of the Creating special user for Autonomous IOC Scan tasks group of settings, specify a password with the length of 8–16 characters and click the Create special user button.
    7. The Creating special user for Autonomous IOC Scan tasks group of settings becomes editable only after existence of a special account is checked.
    8. Click Exit to close the Administration Server user for Autonomous IOC Scan tasks window.
  6. In the Administration Server user name field of the Authentication on Administration Server group of settings, enter the password for the special account created for the Autonomous IOC Scan tasks.
  7. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
  8. Click OK.

Authentication on the Administration Server for Autonomous IOC Scan tasks is configured.

See also

Enabling and disabling Threat Response actions for threats detected by Kaspersky Sandbox

Adding Threat Response actions to the action list of the current policy

Enabling detection of legitimate applications that can be used by cybercriminals

Configuring the running of IOC scanning tasks
Page top