Autonomous IOC scanning tasks are automatically created on the Kaspersky Security Center server if the Create IOC scanning task Threat Response action is configured in Kaspersky Endpoint Security policies. To enable automatic creation of IOC scanning tasks, you must also establish a background connection of Kaspersky Security Center Web Console with the Administration Server.
You can view the list of tasks, remove unused tasks from the list, view task results, run tasks manually, configure autonomous IOC scanning tasks.
By default, autonomous IOC scanning tasks are stored on the Kaspersky Security Center server for 7 days after last run. If the number of tasks exceeds 100, the tasks are rotated.
Kaspersky Endpoint Security deletes the autonomous IOC scanning task regardless of which workstation the object was first detected on and whether the Threat Response action was executed. The deleted task becomes unavailable for all workstations in the administration group.
Unused autonomous IOC scanning tasks are deleted automatically. The user cannot configure settings of automatic task deletion.
If autonomous IOC scanning task deletion works incorrectly or you want to modify the behavior of the application, contact Kaspersky Technical Support.
By default, the autonomous IOC scanning task stores all types of events resulting from running group tasks. By default, autonomous IOC scanning task results are stored for 30 days. You can modify the storage duration of task results.
It is not recommended to change default task result storage settings or to shorten the storage duration of autonomous IOC scanning task results.