When you configure regular scans for threats on devices, or after a threat has already been detected on one of your users' devices, you can add a threat to an IoC scan, so that the scan checks other devices for that threat.
To each IoC scan, you can add a maximum of 200 threats.
1. Select the Security management → Endpoint Detection and Response section.
2. Click the IoC scan button.
3. Add a threat in either of the following ways:
   - To add a threat to Proactive scan, click the Add a threat button.
   - To add a threat to any scan, click the View link on the respective tile, and then click the Add button.
   The Add a threat window opens.
4. Enter the threat name.
5. If necessary, enter the threat description.
6. Under Indicators of compromise (IoCs), specify IoCs of this threat:
   a. If you plan to specify two or more IoCs, in the Detection criteria list, select the detection criteria (the logical operator):
      - Match ANY of the following, if you want an alert to occur if at least one of the IoCs is found on a device (the OR logical operator).
      - Match ALL of the following, if you want an alert to occur only if all of the IoCs are found on a device simultaneously (the AND logical operator).
   b. Under Indicator 1, select the IoC type, and then specify its value.
      When adding a registry key as an IoC, start from a registry hive (for example, HKEY_LOCAL_MACHINE\Software\Microsoft). When you add a registry key as an IoC, Kaspersky Endpoint Security for Windows scans only some of the registry keys.
   c. If you want to add more IoCs to the threat, click + Add an indicator, and then specify another IoC.
To each threat, you can add a maximum of 100 IoCs.
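The following added example (not part of the product or its documentation) checks a prepared threat definition against the limits and the registry hive rule described above before you type it into the Add a threat window, and models how the ANY and ALL detection criteria decide whether a device raises an alert. The dictionary layout, the `file_name` type name, the requirement to spell the hive out in full, and all sample values are assumptions made for the example.

```python
# Limits and the hive rule are from the page. IoC type names other than
# "registry_key", the dict layout and every sample value are constructed.
MAX_THREATS_PER_SCAN = 200
MAX_IOCS_PER_THREAT = 100
# Assumption: only full hive names count, as in the page's example.
HIVES = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}

def validate_threat(threat):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    iocs = threat.get("iocs", [])
    if not threat.get("name", "").strip():
        problems.append("threat name is empty")
    if len(iocs) > MAX_IOCS_PER_THREAT:
        problems.append(f"{len(iocs)} IoCs, limit is {MAX_IOCS_PER_THREAT}")
    if len(iocs) >= 2 and threat.get("criteria") not in ("ANY", "ALL"):
        problems.append("two or more IoCs need criteria ANY or ALL")
    for n, (ioc_type, value) in enumerate(iocs, 1):
        if ioc_type == "registry_key":
            hive = value.split("\\", 1)[0].upper()
            if hive not in HIVES:
                problems.append(f"indicator {n}: registry key must start from a hive")
    return problems

def validate_scan(threats):
    """Check the per-scan limit, then each threat; problems are keyed by threat name."""
    report = {t.get("name", "?"): validate_threat(t) for t in threats}
    if len(threats) > MAX_THREATS_PER_SCAN:
        report["<scan>"] = [f"{len(threats)} threats, limit is {MAX_THREATS_PER_SCAN}"]
    return {name: p for name, p in report.items() if p}

def would_alert(threat, found):
    """found: set of (type, value) pairs observed on one device."""
    hits = [ioc in found for ioc in threat["iocs"]]
    if threat.get("criteria") == "ALL":
        return bool(hits) and all(hits)  # AND: every IoC present at once
    return any(hits)  # OR, or a single IoC where no operator applies

SAMPLE = {  # constructed sample threat
    "name": "Constructed sample threat",
    "criteria": "ALL",
    "iocs": [("registry_key", r"HKEY_LOCAL_MACHINE\Software\Microsoft"),
             ("file_name", "example-dropper.exe"),
             ("registry_key", r"Software\ExampleVendor\Run")],  # no hive
}

if __name__ == "__main__":
    print(validate_threat(SAMPLE))
```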