Monitoring the results of sending objects for scanning by Kaspersky Sandbox and running IOC scanning tasks

You can monitor the results of sending objects to be scanned by Kaspersky Sandbox and running IOC scanning tasks on hosts in the following ways:

• Enable the logging of information about events that occur when sending objects to be scanned by Kaspersky Sandbox and running IOC scanning tasks in Microsoft Windows event logs and/or Kaspersky Endpoint Security event logs.
• Enable sending event notifications.

To enable logging of event information in Microsoft Windows and/or Kaspersky Endpoint Security event logs and sending event notifications:

1. In the main window of Web Console, go to the Devices → Policies & profiles section.
2. Click the name of the Kaspersky Endpoint Security policy.
3. Go to the Application settings tab.
4. Select the General settings section.
5. Click Interface.
6. This opens a window; in this window, in the Notifications section, click Notification settings.

   Events are grouped in sections in accordance with severity levels:

   • Critical
   • Functional failure
   • Warning
   • Informational message

   Each section displays a list of event types.

7. If you want to enable the logging of information in event logs, select the Save in local report or Save in Windows Event Log check boxes.

   You can select both check boxes at the same time.

   Events that have the Save in local report check box selected are displayed in Applications and Services Logs in the Kaspersky Event Log section. Events that have the Save in Windows Event Log check box selected are displayed in Windows logs in the Application section.

   To open the Windows event logs, select Start → Control Panel → Administration → Event Viewer.

   To minimize the amount of records about repeating critical events, Kaspersky Endpoint Security logs every event the first time when it occurs and then every 25th event for the following event types: Error submitting scan task to Kaspersky Sandbox, An internal error occurred, Maximum load on Kaspersky Sandbox exceeded, The Kaspersky Sandbox node is unavailable.

8. If you want to enable the sending of event notifications:
   • Select the Notify on screen check box if you want the information about selected events to be displayed on the screen as pop-up notifications in the notification area of the Microsoft Windows taskbar.
   • Select the Notify by email check box if you want the notifications to be delivered by email.

     You can select both check boxes at the same time.

     To have the notifications delivered to an email address, you must configure the email notification delivery.

     1. In the main window of Web Console, go to the Devices → Policies & profiles section.
     2. Click the name of the Kaspersky Endpoint Security policy.
     3. Go to the Application settings tab.
     4. Select the General settings section.
     5. Click Notifications.
     6. This opens a window; in this window, in the Notifications section, click Email notification settings.
     7. Select the Send event notifications check box.
     8. Edit the notification settings.
     9. Save the settings.
9. Save your changes.

The logging of event information in Microsoft Windows and/or Kaspersky Endpoint Security event logs and sending event notifications are enabled.

See also Getting started with Kaspersky Endpoint Security Configuring the proxy server connection Configuring the integration of Kaspersky Endpoint Security with Kaspersky Sandbox Managing stand-alone IOC scanning tasks Configuring Threat Response actions of Kaspersky Endpoint Security to respond to threats detected by Kaspersky Sandbox Configuring Quarantine settings Configuring data synchronization with the Administration Server

Page top