When configuring regular scans for threats on devices, you can define the following scan settings: schedule, scope, and automatic response actions.
To define settings of an IoC scan:
The Scan settings window opens.
The IoC scan never runs.
Specify the time when the IoC scan must run.
Specify the day of week and the time when the IoC scan must run.
Custom scan will run at the specified time in the UTC±00:00 time zone. Proactive scan and Reactive scan will run at the specified time in the time zone of the device operating system. If a protected device is offline at the scheduled time, the task will run as soon as the device goes online.
Select the check boxes next to the devices to be included and clear the check boxes next to the devices to be excluded. Click Save to save the changes.
This setting is available only for Custom scan. For other scans (Proactive scan and Reactive scan), the scope is all of your users' devices running Windows. It cannot be modified.
All new devices that are added in the future are automatically included in the scan scope. To exclude them from the scope of the Custom scan, you must do so manually.
The event of detecting a threat is added to the Event log. No other actions are taken.
The event of detecting a threat is added to the Event log. Additionally, the selected response actions are taken:
Kaspersky Endpoint Security for Windows scans the kernel memory, running processes, and disk boot sectors of an affected device.
Kaspersky Endpoint Security for Windows first creates a backup copy of the malicious object found on the device, in case the object needs to be restored later. The backup copy is moved to Quarantine. Then, Kaspersky Endpoint Security for Windows deletes the object.
Kaspersky Endpoint Security for Windows isolates the device from the network, to prevent the threat from spreading or prevent a breach of sensitive information. To configure the isolation duration, click Settings, and then select the required value.
The isolation duration is common to all three IoC scans. If you change the value in the settings of one scan, the new value is applied to the other scans as well.
As an alternative, you can configure the isolation duration by selecting the Security management → Endpoint Detection and Response section, and then clicking Response settings → Network isolation.
The settings of the selected IoC scan are defined.
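The schedule rule above means the same configured time maps to one instant for Custom scan but to a different instant on each device for Proactive scan and Reactive scan. The following Python sketch is an added example, not Kaspersky code: the function names, device names, and fixed UTC offsets are constructed for illustration, and the offline rule is modeled as an assumption.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def next_scheduled_run(scan_type, hhmm, now_utc, device_tz, weekday=None):
    """Next scheduled start as an aware UTC datetime.

    scan_type: "custom", "proactive" or "reactive".
    weekday: None for a daily schedule, 0 (Monday) .. 6 (Sunday) for weekly.
    """
    # Custom scan uses UTC; Proactive and Reactive use the device OS time zone.
    tz = UTC if scan_type == "custom" else device_tz
    local_now = now_utc.astimezone(tz)
    hour, minute = map(int, hhmm.split(":"))
    candidate = local_now.replace(hour=hour, minute=minute, second=0, microsecond=0)
    # Step forward one day at a time until the slot is in the future
    # and, for weekly schedules, falls on the configured weekday.
    while candidate <= local_now or (weekday is not None and candidate.weekday() != weekday):
        candidate += timedelta(days=1)
    return candidate.astimezone(UTC)

def effective_run(scheduled_utc, online_from_utc):
    """Assumed model of the offline rule: a device that is offline at the
    scheduled time starts the task when it comes back online."""
    return max(scheduled_utc, online_from_utc)

if __name__ == "__main__":
    # Constructed sample data: fixed UTC offsets stand in for device time zones.
    now = datetime(2024, 3, 4, 12, 0, tzinfo=UTC)  # a Monday
    devices = {"ws-tokyo": timezone(timedelta(hours=9)),
               "ws-newyork": timezone(timedelta(hours=-5))}
    for name, tz in devices.items():
        for scan in ("custom", "proactive"):
            run = next_scheduled_run(scan, "02:00", now, tz)
            print(f"{name:11} {scan:9} 02:00 daily -> {run:%Y-%m-%d %H:%M} UTC")
```

When correlating Event log entries across a fleet, expect Proactive scan and Reactive scan detections to be spread over the devices' local offsets, while Custom scan detections cluster around a single UTC time plus any offline catch-up.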