Starting with Kaspersky Endpoint Security 12.3 for Windows, the application includes the Endpoint Detection and Response Agent (EDR Agent) configuration. Endpoint Detection and Response Agent is an application that is installed on individual workstations and servers in the IT infrastructure of the organization to support the Kaspersky Managed Detection and Response and Kaspersky Anti Targeted Attack Platform (EDR) solutions. EDR Agent continuously monitors processes running on these computers, open network connections, and files being modified. Protection and control components are not available for EDR Agent.
EDR Agent is compatible with third-party EPP applications. This lets you use third-party infrastructure security tools alongside Detection and Response by Kaspersky.
To deploy EDR Agent, the computer must have the Network Agent installed, and the computer must be added in the Kaspersky Security Center console. To enable the interaction of EDR Agent with Kaspersky Security Center, you must install the Kaspersky Endpoint Security for Windows management plug-in. You can specify EDR Agent settings using a group policy. To integrate EDR Agent, you must configure the integration in appropriate policy sections.
The following Kaspersky applications should be installed on the infrastructure to support operation of MDR / KATA (EDR):
|
|
Endpoint |
|
Kaspersky Endpoint Security for Windows Management Plug-in |
|
Kaspersky Security Center |
|
|
|
MDR / KATA (EDR) |
|