Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox
Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox
November 17, 2023
ID 193083
Kaspersky Endpoint Agent can perform actions in response to threats detected by Kaspersky Sandbox.
You can configure the following types of actions:
- Local – actions to be performed on each device where a threat is detected.
- Group – actions to be performed on all devices of the administration group for which the policy is configured.
Local actions:
- Quarantine and delete.
- Notify device user.
- Run Endpoint Protection Platform scan of critical areas on the device.
Group actions:
- Run IOC Scan on a managed group of devices.
- Quarantine and delete when IOC is found.
- Run Endpoint Protection Platform scan of critical areas on the device when IOC is found.
To configure group threat response actions, set up the permissions of the Kaspersky Security Center users whose accounts you want to use to manage IOC Scan tasks.
When configuring threat response actions, keep in mind that as a result of some actions, the object containing the threat may be deleted from the workstation where it was detected.
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.