Kaspersky Next monitors and blocks actions that are not typical of the Windows devices in a company's network.
This feature is available only if you activated Kaspersky Next under a Kaspersky Next EDR Optimum or XDR Expert license.
Adaptive Anomaly Control uses a set of rules to track uncharacteristic behavior (for example, the Start of Microsoft PowerShell from office application rule). Rules are created by Kaspersky specialists, based on typical scenarios of malicious activity. You can configure how Adaptive Anomaly Control handles each rule and, for example, allow the execution of PowerShell scripts that automate certain workflow tasks. Kaspersky Next updates the set of rules along with the application databases.
Each Adaptive Anomaly Control rule can be in one of the following modes:
The detections made by this rule are only added to the Event log. No other actions are made.
The feature blocks all actions that are associated with the rule.
First, you train the rule by selecting whether the detections made by it are actually uncharacteristic behavior or false positives. After the training period ends, the feature allows or blocks further actions according to the training results.
You can enable and configure Adaptive Anomaly Control. After the feature detects some uncharacteristic behavior, you can process the list of detections and either confirm them or add to exclusions, depending on whether a detection is actually anomalous behavior or not.
Kaspersky Next also provides you with two reports related to the feature.
Page top