We recommend enabling extended telemetry on the computer for retrospective IOC scanning. Extended telemetry improves the accuracy of IOC detection but uses more of the computer's resources.
Extended telemetry adds support for the following additional terms:
FileItem/Md5sum
FileItem/Sha256sum
FileItem/SizeInBytes
FileItem/Created
FileItem/Modified
FileItem/Changed
FileItem/Accessed
FileItem/FileAttributes
If extended telemetry is disabled, Kaspersky Endpoint Security may rotate the information about detected indicators of compromise.
To enable extended telemetry:
1. In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
2. Click the name of the Kaspersky Endpoint Security policy.
   The policy properties window opens.
3. Select the Application settings tab.
4. Go to Built-in Agents Configuration → Endpoint Detection and Response.
5. Select the Enable advanced system activity logging check box.
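
Before starting a retrospective scan, it helps to know whether an IOC file relies on any of the terms listed above. The following check is an added example, not part of the Kaspersky documentation or product. It assumes the IOC file uses the OpenIOC 1.0 XML layout (`IndicatorItem` elements with a `Context` child whose `search` attribute holds the term); the function name and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Terms the page lists as supported only with extended telemetry.
EXTENDED_TERMS = {
    "FileItem/Md5sum", "FileItem/Sha256sum", "FileItem/SizeInBytes",
    "FileItem/Created", "FileItem/Modified", "FileItem/Changed",
    "FileItem/Accessed", "FileItem/FileAttributes",
}

# Constructed sample (assumed OpenIOC 1.0 layout); values are placeholders.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="sample-0001">
  <definition>
    <Indicator operator="OR" id="ind-1">
      <IndicatorItem id="item-1" condition="is">
        <Context document="FileItem" search="FileItem/Sha256sum" type="mir"/>
        <Content type="string">PLACEHOLDER_SHA256</Content>
      </IndicatorItem>
      <IndicatorItem id="item-2" condition="contains">
        <Context document="FileItem" search="FileItem/FileName" type="mir"/>
        <Content type="string">sample.exe</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="ind-2">
        <IndicatorItem id="item-3" condition="is">
          <Context document="FileItem" search="FileItem/SizeInBytes" type="mir"/>
          <Content type="int">1024</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""

def _local(tag):
    """Strip an XML namespace prefix such as '{uri}IndicatorItem'."""
    return tag.rsplit("}", 1)[-1]

def terms_needing_extended_telemetry(ioc_xml):
    """Return (IndicatorItem id, term) pairs that use an extended-telemetry term."""
    # For IOC files from untrusted sources, parse with a hardened XML parser.
    root = ET.fromstring(ioc_xml)
    hits = []
    for item in root.iter():  # document order, nested Indicators included
        if _local(item.tag) != "IndicatorItem":
            continue
        for child in item:
            term = child.get("search", "")
            if _local(child.tag) == "Context" and term in EXTENDED_TERMS:
                hits.append((item.get("id"), term))
    return hits

if __name__ == "__main__":
    for item_id, term in terms_needing_extended_telemetry(SAMPLE_IOC):
        print(f"{item_id}: {term} requires extended telemetry")
```

An empty result means the file uses none of the listed terms; any hit is an indicator item that depends on extended telemetry being enabled in the policy.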