Kaspersky Endpoint Agent


May 29, 2023

ID 90

Autorun points

A list of processes that are automatically started on the endpoints (mobile devices, computers, or laptops) in background mode when certain events occur (for example, loading of the operating system, logging in, starting file explorer, running scheduled tasks). Autorun program files may be hidden, which may be the reason for the implicit slowdown of the device or the evidence of malware on the device.

End User License Agreement

A binding agreement between you and AO Kaspersky Lab, stipulating the terms on which you may use the application.

Endpoint Protection Platform (EPP)

An integrated system of comprehensive endpoint protection (for example, mobile devices, computers or laptops) using various security technologies. An example of an Endpoint Protection Platform is Kaspersky Endpoint Security for Business.

EPP application

An application included in a protection system for endpoint devices (Endpoint Protection Platform, or EPP). EPP applications are installed on endpoint devices within the IT infrastructure of an organization (for example, mobile devices, computers, or laptops). An example of an EPP application is Kaspersky Endpoint Security for Windows as part of the EPP solution Kaspersky Endpoint Security for Business.


Indicator of Compromise. A set of data about a malicious object or action.

IOC file

A file that contains a set of compromise indicators that are compared to the indicators of an event. If the compared indicators match, the application considers the event to be a detection. The detection probability may increase if the scan finds exact matches between the object's data and multiple IOC files.

Kaspersky Endpoint Agent

Kaspersky Endpoint Agent is an application that is installed on individual devices within an organization's IT infrastructure. The application constantly monitors the processes running on these devices, as well as open network connections and files modifications. Kaspersky Endpoint Agent interacts with other Kaspersky solutions to detect comprehensive threats (such as targeted attacks).


An open standard for Indicator of Compromise (IOC) description based on XML that contains over 500 various indicators of compromise.

OVAL rules

OVAL (Open Vulnerability and Assessment Language) is an open language for describing and assessing vulnerabilities. OVAL standardizes the following components of the assessment process:

  • Submission of configuration data for the system.
  • System analysis for the following entities: vulnerabilities, updates, patches, etc.
  • Submission of reports on the system evaluation.

To perform the Security Audit task, Kaspersky Endpoint Agent uses files with OVAL rules in XML format. The application generates a report based on the scan results.

Targeted attack

An attack targeted at a specific person or organization. Unlike mass attacks by computer viruses aimed at infecting the maximum number of computers, targeted attacks can be aimed at infecting the network of a certain organization or even one server in the organization's IT infrastructure. A special trojan program may be developed for each targeted attack.


Data that Kaspersky Endpoint Agent analyzes on the protected device and sends to the Telemetry collection server. Telemetry is a list of events that occurred on the protected device.

Telemetry collection server

The type of the server with which Kaspersky Endpoint Agent can be integrated. If integration is configured, Kaspersky Endpoint Agent sends telemetry to the server, receives tasks from the server, and generates reports on the execution of these tasks.

TLS encryption

Encryption of the connection between two servers, providing secure data transfer between the servers in the Internet.


Application debugging, during which the application stops after the execution of each command and the execution result is displayed.

YARA file

YARA files are the files with the yara or yar extension that contain YARA rules.

YARA rules are the descriptions of signatures for targeted attacks and intrusions into the organization's IT infrastructure. Kaspersky Endpoint Agent scans the objects according to these rules. If the rule is executed, the analyzer issues an infection verdict with the corresponding details in the log.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.