Configuring the running of IOC scanning tasks

To configure the running of IOC scanning tasks:

1. Open the Kaspersky Security Center Administration Console.
2. In the console tree, select the Policies folder.
3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
   • Double-click the policy name.
   • Select Properties in the policy context menu.
   • Select the Configure policy settings item in the right part of the window.
4. In the right part of the screen, under Scanning scope, select one of the following scopes where Kaspersky Endpoint Agent will search for IOCs:
   • File areas on system drives of the device.
   • Critical file areas on the device.
5. Under Configure IOC scanning, select one of the following options for running IOC scanning tasks:
   • Manually.

     IOC scanning tasks are created automatically but are not run. You can run each task or all tasks manually.

   • Immediately after threat detection by Kaspersky Sandbox.

     IOC scanning tasks are automatically created and run.

   • Start within the specified period.

     IOC scanning tasks are created automatically and run during the specified period. For example, during out-of-office hours from 8 p.m. to 7 a.m..

     If you select the Start within the specified period option, specify the start and end of the period in the Period start time (hh:mm) and Period end time (hh:mm) fields.

     All IOC scanning tasks automatically created before the specified start time of the period are run at an arbitrary time during the specified period.

     All IOC scanning tasks automatically created during the specified period are run immediately.

     All IOC scanning tasks automatically created after the specified start time of the period are run the following day.

   Example: You configured to run the tasks during the specified period from 8:00 p.m. to 7:00 a.m.: Tasks automatically created at 19:00 are launched at an arbitrary time from 8:00 p.m. to 7:00 a.m. Tasks automatically created at 9:00 p.m. are run at 9:00 p.m. Tasks automatically created at 10:00 p.m. are run on the following day from 8:00 p.m. to 7:00 a.m.

6. Click OK.
7. If you are configuring policy settings, in the upper right corner of the group of settings, move the switch from Underined to Enforce.
8. Click OK.
9. In the policy properties window, click Save.

Running of IOC scanning task is configured.

See also Enabling and disabling Threat Response actions for threats detected by Kaspersky Sandbox Adding Threat Response actions to the action list of the current policy Authentication for Threat Response group tasks at the Administration Server Enabling detection of legitimate applications that can be used by cybercriminals

Page top