Enabling detection of legitimate applications that can be used by cybercriminals

You can enable detection of legitimate applications that adversaries can exploit to harm your corporate LAN. When detection is enabled, Kaspersky Endpoint Agent treats such applications as threats and applies Threat Response actions to them.

Legitimate applications are applications that may be installed and used on workstations and are intended for performing user tasks. However, certain types of legitimate applications can be exploited by adversaries to harm the workstation or the corporate LAN. If adversaries gain access to these applications, or if they plant them on the workstation, they can use some of the applications' features to compromise the security of the workstation or the corporate LAN.

These applications include IRC clients, auto-dialers, file downloaders, computer system activity monitors, password management utilities, and web servers for FTP, HTTP, or Telnet services.

If you want to enable detection of such applications:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, select the Policies folder.
  3. Select the Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
    • Double-click the policy name.
    • Select Properties in the policy context menu.
    • Select the Configure policy settings item in the right part of the window.
  4. In the Kaspersky Sandbox integration section, select the Threat response subsection.
  5. Under Additional, select the Enable detection of legitimate applications that can be exploited by adversaries check box.
  6. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
  7. Click the Apply button, and then click OK.

Detection of legitimate applications that adversaries can exploit to harm your corporate LAN is now enabled.

See also

Enabling and disabling Threat Response actions for threats detected by Kaspersky Sandbox

Adding Threat Response actions to the action list of the current policy

Authentication for Threat Response group tasks at the Administration Server

Configuring the running of IOC scanning tasks
