Configuring an autonomous IOC scanning task

To configure the IOC scanning task:

1. In the main window of Web Console, select the Devices → Tasks folder.
2. This opens a list of tasks; in this list, select the IOC scanning task.
3. Modify the following task settings:
   • Task name.
     1. On the General tab, in the Task name field, enter the name of the task.
     2. Click Save.
   • Storage duration of task results on the Administration Server.
     1. Go to the Settings tab.
     2. In the Notifications field, click Settings.
     3. In the Store in the Administration Server database for (days) field, enter the number of days during which the Administration Server must store the results of the task.
     4. Click Save.
   • IOC scanning settings.
     1. Go to the Application settings tab.
     2. Select the IOC scan settings section.
     3. Select the Take response actions after an IOC is found.
     4. Select one or more Threat Response actions applied to IOC detections:
        • Move copy to Quarantine, delete object. If this option is selected, Kaspersky Endpoint Security deletes the malicious object found on the computer. Before deleting the object, Kaspersky Endpoint Security creates a backup copy in case the object needs to be restored later. Kaspersky Endpoint Security moves the backup copy to Quarantine.
        • Run scan of critical areas. If this option is selected, Kaspersky Endpoint Security runs the Critical Areas Scan task. By default, Kaspersky Endpoint Security scans the kernel memory, running processes, and disk boot sectors.
     5. Click Save.
   • IOC scanning task schedule.
     1. Go to the Schedule tab.
     2. In the Run on a schedule list, select one of the following option for running the task on a schedule:
        • Once.

          The task is run once at the specified date and time.

        • Every N minutes.

          The task is run regularly with the specified interval in minutes, starting with the specified time on the day when the task is created.

          By default, the task is run every 30 minutes starting from the current system time.

        • Every N hours.

          The task is run regularly with the specified interval in hours, starting with the specified date and time.

          By default, the task is run every six hours starting from the current system date and time.

        • Every N days.

          The task is run regularly with the specified interval in days. You can also specify the date and time when the task must be run for the first time.

          By default, the task is run every day starting from the current system date and time.

        • Weekly.

          The task is run weekly on the specified day of the week and at the specified time.

        • Monthly.

          The task is run regularly, on specified days of each month, at the specified time.

          By default, days of the month are not selected, and the default start time is 18:00:00.

     3. If you want to modify advanced settings of the schedule, in the Advanced task properties section, you can select the following check boxes:
        • If you want the application to run missed database update tasks at the earliest opportunity, select the Run missed tasks check box.
        • If you want to prevent many workstations connecting to the Administration Server at the same time by running tasks randomly within a certain time frame rather than on a schedule, select the Use automatically randomized delay for task starts check box.
        • If you want to prevent many workstations connecting to the Administration Server at the same time by running tasks randomly within a certain time frame rather than on a schedule:
          1. Select the Use random task start delay in the interval (min) check box.
          2. Enter the value of the interval.
     4. Click Save.
   • Viewing IOC scanning task results.
     1. Go to the Application settings tab.
     2. Select the IOC scanning results section.

        This opens the IOC scanning results table.

   • Kaspersky Security Center user account that you want to use to run the task.
     1. Go to the Settings tab.
     2. In the Account field, click Settings.
     3. Select an account for running the task.

        You can select the default account or create an account:

        • If you select the default account, the task is run under the same account that was used to install and run the application that runs the task.
        • If you choose to create an account, enter the credentials of the account to use for running the task. The account must have sufficient permissions to run the task.
     4. Click Save.
   • Excluding host groups from task scope.
     1. Go to the Settings tab.
     2. In the Exclusions from task scope field, click Settings.
     3. Select device groups to which the task will not be applied.

        You can only exclude groups that are subgroups of the administration group to which the task is applied.

4. Save all changes.

The IOC scanning task is configured.

See also About autonomous IOC scanning tasks Viewing information about an IOC detection Establishing a background connection between Kaspersky Security Center Web Console and the Administration Server

Page top