Automatic removal of inactive hosts

You can enable or disable the automatic removal of inactive hosts from the Endpoint Agents table. Inactive hosts are hosts that have not connected to the Central Node server for the configured time.

Users with the Security auditor role can view the settings for automatic removal of inactive hosts. Users with the Senior security officer and Security officer roles cannot view the settings.

To enable or disable the automatic removal of hosts from the Endpoint Agents table:

1. In the window of the application web interface, select the Settings section, Endpoint Agents subsection.
2. Under Delete inactive hosts automatically, do the following:
   • If you want to enable this functionality, move the Delete hosts toggle switch to Enabled.
   • If you want to enable this functionality, move the Delete hosts toggle switch to Disabled.
3. If you have enabled this functionality, in the Delete after field, specify the number of days after which hosts that have not connected to the Central Node component must be considered inactive.

   The minimum value is 1 and the maximum value is 365.

Automatic removal of inactive hosts is enabled or disabled.

If the value specified in the Delete after field is less than the values specified in the Warning and/or Critical inactivity fields under Activity indicators, hosts are removed earlier than an inactivity warning is displayed in the Dashboard section.

When hosts are removed the following changes are made in the web interface of Kaspersky Anti Targeted Attack Platform:

• You cannot create a task, prevention rule, or network isolation rule for a removed host.
• If a prevention rule was previously created for a host, its name in the rule window (the Prevent on field) is hidden when the host is removed. The rule continues to apply.

  If this host reconnects to the Central Node server, the host name is restored in the Prevent on field and the prevention rule is applied to it again.

• If a network isolation rule was previously created for a host, it continues to apply until the time specified in the rule expires.

  When this host reconnects to the Central Node, the rule is reapplied to this host.

• The metadata of objects quarantined on the remote host are deleted from Kaspersky Anti Targeted Attack Platform Quarantine.

  When this host reconnects to the Central Node server, the metadata of objects in Kaspersky Anti Targeted Attack Platform Quarantine are not restored. You can avoid Quarantine filling up on a host by clearing it on command line or in Kaspersky Security Center. For details, see the Help of the application that you are using in the role of the Endpoint Agent component.

• If an object was quarantined by the Quarantine file task on one host only and that host was removed, the Restore all button in task window is inactive because the file cannot be restored on a removed host.

Event search by the name of the removed host remains available.

Page top