Kaspersky Sandbox
Configuring an autonomous IOC scanning task
To configure IOC scanning task settings:
- Open the Kaspersky Security Center Administration Console.
- In the console tree, select the Tasks folder.
A list of tasks appears.
- Under Run IOC scan, select the task in the list and right-click to open the task action menu.
- Select the Properties menu item.
This opens the task properties window.
- In the left part of the window, select the section of settings that you want to modify.
- In the right part of the window, make the necessary modifications and click Apply and OK.
You can configure the following task settings:
- Task name
Do the following:
- Select the General section.
- Edit the name of the task in the top row.
- Storage duration of task results on the Administration Server
Do the following:
- Select the Notification section.
- Under Save result information, make sure the On Administration Server for (days) check box is selected and enter the number of days you want the task result to be stored.
By default, the task result is stored on the Administration Server for 7 days.
- Application actions on IOC detection
To configure the application actions on IOC detection:
- Select the IOC Scan settings section.
- In the Actions group of settings, select the Take response actions when indicator of compromise is found check box.
- Select the Quarantine and delete check box to quarantine the detected object and remove it from the device.
- Select the Send a command to Endpoint Protection Platform to scan the critical areas check box so that Kaspersky Endpoint Agent sends a command to the EPP application to scan critical areas on all the devices of the administration group on which the object is detected.
- Click Apply.
- IOC scanning task schedule
Do the following:
- In the Task schedule section, select the Run by schedule check box.
- In the Frequency list, select one of the following options to run the task: At specified time, Every hour, Every day, Every week, On application launch or After the application database update.
- If you select the At specified time option, specify the day and time to start the task in the Run by schedule section.
- If you select one of the following options: Every hour, Every day or Every week, configure the following settings in the Run by schedule section:
- In the Every list, select the task run frequency. For example, 1 time per day or 2 times per week on Tuesdays and Thursdays.
- In the Time and Date lists, select the date and time from which the schedule applies.
- To configure advanced schedule settings, click the Advanced button and perform the following actions in the Advanced window:
- If you want to set a maximum timeout for the task execution, select the Stop tasks that run longer than check box and specify the number of hours and minutes after which the task will automatically terminate.
- If you want the task schedule to be valid until a certain date, select the Cancel schedule from check box and specify the expiration date for the schedule.
- If you want the application to run missed database update tasks at the earliest opportunity, select the Run missed tasks check box.
- If you want to prevent a large number of workstations from accessing the Administration Server simultaneously, and to run the task on workstations at a random time within a certain interval rather than exactly according to the schedule, select the Randomize the task start time within the interval check box and specify the start interval in minutes.
- Click OK.
Click OK.
- Selecting the Kaspersky Security Center user account that you want to use to run the task
In the Selecting an account to run the task window, do one of the following:
- Select the default account and click Next.
- Enter the name and password of the user account that you want to use for running the task.
- Excluding host groups from task scope
To exclude groups of devices from the task scope, in the Exclusions from task scope section, select the groups of devices to which the task will not be applied.
You can only exclude groups that are subgroups of the administration group to which the task is applied.
See also: About autonomous IOC scanning tasks
Article ID: 191489, Last review: Aug 12, 2022