Viewing the list of detections performed using Adaptive Anomaly Control rules


To view the list of detections performed by Adaptive Anomaly Control rules:

  1. In the main menu, go to Operations → Repositories.
  2. Click the Rule triggers in Smart Training state link.

    The list displays the following information about detections performed using Adaptive Anomaly Control rules:

    • Administration group
    • Device name
    • Name
    • Status
    • User name
    • Processed
    • Source process path
    • Source process hash
    • Source object path
    • Source object hash
    • Target process path
    • Target process hash
    • Target object path
    • Target object hash

To view the properties of an element in the list:

  1. In the main menu, go to Operations → Repositories.
  2. Click the Rule triggers in Smart Training state link.
  3. In the window that opens, select the object that you want.
  4. Click the Properties link.

The properties window of the object opens and displays information about the selected element.

You can confirm any element in the list of detections of Adaptive Anomaly Control rules, or add it to exclusions.

To confirm an element,

Select an element (or several elements) in the list of detections and click the Confirm button.

The status of the element(s) will be changed to Confirming.

Your confirmation will contribute to the statistics used by the rules (for more information, refer to the Kaspersky Endpoint Security for Windows documentation).

To add an element as an exclusion,

Select an element (or several elements) in the list of detections and click the Exclude button.

The Add exclusion wizard starts. Follow the instructions of the wizard.

If you reject or confirm an element, it will be excluded from the list of detections after the next synchronization of the client device with the Administration Server, and will no longer appear in the list.

See also:

Triggering of rules in Smart Training mode

Scenario: Configuring network protection
