Configuring an autonomous IOC scanning task

To configure IOC scanning task settings:

Open the Kaspersky Security Center Administration Console.
In the console tree, select the Tasks folder.
A list of task appears.
Under Run IOC scan, select the task in the list and right-click to open the task action menu.
Select the Properties menu item.
This opens the task properties window.
In the left part of the window, select the section of settings that you want to modify.
In the right part of the window, make the necessary modifications and click Apply and OK.

You can configure the following task settings:

Task name
Do the following:
1. Select the General section.
2. Edit the name of the task in the top row.
Storage duration of task results on the Administration Server
Do the following:
1. Select the Notification section.
2. Under Save result information, make sure the On Administration Server for (days) check box is selected and enter the number of days you want the task result to be stored.
  By default, the task result is stored on the Administration Server for 7 days.
Application actions on IOC detection
To configure the application actions on IOC detection:
1. Select the IOC Scan settings section.
2. In the Actions group of settings, select the Take response actions when indicator of compromise is found check box.
3. Select the Quarantine and delete check box to quarantine the detected object and remove it from the device.
4. Select the Send a command to Endpoint Protection Platform to scan the critical areas check box so that Kaspersky Endpoint Agent sends a command to EPP application to scan critical areas on all the devices of the administration group on which the object is detected.
5. Click Apply.
IOC scanning task schedule
Do the following:
1. In the Task schedule section, select the Run by schedule check box.
2. In the Frequency list select one of the following options to run the tasks: At specified time, Every hour, Every day, Every week, On application launch or After the application database update.
3. If you select the At specified time option, specify the day and time to start the task in the Run by schedule section.
4. If you select one of the following options: Every hour, Every day or Every week, configure the following settings in the Run by schedule section:
  1. In the Every list, select the task run frequency. For example, 1 time per day or 2 times per week on Tuesdays and Thursdays.
  2. In the Time and Date lists, select the date and time from which the schedule applies.
5. To configure advanced schedule settings, click the Advanced button and perform the following actions in the Advanced window:
  1. If you want to set maximum timeout for the task execution, select the Stop tasks that run longer than check box and specify the number of hours and minutes after which the task will automatically terminate.
  2. If you want the task schedule to be valid until a certain date, select the Cancel schedule from check box and specify the expiration date for the schedule.
  3. If you want the application to run missed database update tasks at the earliest opportunity, select the Run missed tasks check box.
  4. If you want to avoid simultaneous access of a large number of workstations to the Administration Server as well as to run the task on workstations not precisely according to the schedule, but randomly within a certain time interval, select the Randomize the task start time within the interval check box and specify the start interval in minutes.
6. Click OK.
  Click OK.
Selecting the Kaspersky Security Center user account that you want to use to run the task
In the Selecting an account to run the task window, do one of the following:
- Select the default account and click Next.
- Enter the name and password of the user account that you want to use for running the task.
Excluding host groups from task scope
To exclude groups of devices from the task scope, in the Exclusions from task scope section, select the groups of devices to which the task will not be applied.

You can only exclude groups that are subgroups of the administration group to which the task is applied.