Kaspersky Industrial CyberSecurity for Networks can control the launch of executable files on the devices known to the application. Monitoring of executable file launches relies on data from EPP applications or applications that use the Kaspersky Industrial CyberSecurity for Networks API. The application uses the received data to create the table of executable files.
Automatic receipt of data about executable file launches is available for devices with Endpoint Agent, which communicates with the EPP application and sends basic data on the devices and running processes (telemetry data) to Kaspersky Industrial CyberSecurity for Networks. The application specifies the Telemetry (Endpoint Agent) source for this data. If the data about an executable file run is received only from the application that uses the Kaspersky Industrial CyberSecurity for Networks API, the application sets the data source value to External source for this file.
To receive data about executable file runs from the Telemetry (Endpoint Agent) source, asset management methods must be enabled for detecting device activity and device information. These methods must be enabled on all nodes where the application components from which EPP applications information is received are installed.
The table of executable files has the following limitations on the number and storage time of elements:
If the maximum number of executable files is reached, the application automatically deletes 10% of the oldest records.
If no new data about the run of the executable file was received before the maximum storage time expires, the application automatically deletes the entry about this file.
If needed, users with the Administrator role can manually delete executable files.
You can view information about executable files on the Executable files tab in the Assets section. When viewing the executable files table, you can configure, filter, search, sort, and navigate to related items.
The application displays the following device executable files details in the table and details area for the selected file: