If Kaspersky Sandbox detects a threat, Kaspersky Endpoint Security automatically creates IOC scanning tasks (MD5 hashes of objects in which the threat was found) for all workstations.
To view the task list in Web Console,
in the main window of Web Console, go to the Devices → Tasks section.
A list of tasks appears.
You can configure the running of such tasks.
To configure the running of IOC scanning tasks:
In the main window of Web Console, select the Devices → Policies & profiles section.
Click the name of the Kaspersky Endpoint Security policy.
This opens the policy properties window.
Select the Application settings tab.
Go to the Detection and Response → Kaspersky Sandbox section.
Under Run IOC scanning task, select one of the following options for running IOC scanning tasks:
Manually. This mode lets you run the IOC scanning task manually at an arbitrary time.
After threat is detected. In this mode, Kaspersky Endpoint Security runs the IOC scanning task automatically when a threat is detected.
Run only when the computer is idle. In this mode, Kaspersky Endpoint Security runs the IOC scanning task when a screensaver is active or the computer is locked. If the user unlocks the computer, Kaspersky Endpoint Security pauses the task. Therefore, the application can run the task for several days.
Kaspersky Endpoint Security can run the task for several days.
Under IOC scanning area, select one of the following options for the IOC scanning area:
Critical file areas. If this option is selected, Kaspersky Endpoint Security performs an IOC scanning only in important file areas of the computer: the kernel memory and boot sectors.
File areas on system drives of the computer. If this option is selected, Kaspersky Endpoint performs an IOC scanning on the system disk of the computer.