Managing IOC Scan tasks in Kaspersky Endpoint Agent

Support

Support for business applications

Kaspersky Endpoint Agent

IOC Scan

Managing IOC Scan tasks in Kaspersky Endpoint Agent

November 17, 2023

ID 194665

You can manage IOC Scan tasks using Kaspersky Security Center or using the Kaspersky Endpoint Agent command line interface, and you can also download IOC files and configure the IOC scan schedule in the Kaspersky Anti Targeted Attack Platform web interface. The description of each IOC Scan task type and information on the available management capabilities for IOC Scan tasks are shown in the table below.

Managing IOC Scan tasks

Task type	Using Kaspersky Security Center	Using the Central Node component	Using the command line interface
Standard IOC Scan task	Creating, removing, and starting the task manually. Viewing detailed reports on the task execution results as a summary table and in the Detected IOCs card. Detected IOC card contains information about objects that match the conditions of the processed IOC file, as well as the text of the matched branches or individual conditions from this IOC file. Viewing the Detected IOC card is not available for IOC files, for which no indicators of compromise were detected during scan. IOC collection export. Configuring the following task settings in the task creation wizard or in the task properties after the task creation: IOC collection settings. IOC scan settings. Application actions upon IOC detection (network isolation of the device and start of the scan tasks using EPP on the device). Task schedule settings. Storage time for the task execution results on the Administration Server (unavailable in the task creation wizard).	Task management is not applicable.	Creating and running the task with the required settings. Viewing data on the task's execution.
Autonomous IOC Scan task	Configuring task start settings. Starting and removing a task manually. Enabling responses to the threats detected by Kaspersky Sandbox. Adding an action to automatically create an Autonomous IOC Scan Task. Viewing detailed reports on the task execution results as a summary table and in the Detected IOCs card. IOC collection export. Configuring the following settings in the task properties: Application actions upon IOC detection (quarantining an object and deleting it from the device; starting scan tasks using EPP on the device). Task schedule settings. Storage time for task execution results on the Administration Server.	Task management is not applicable.	Task management is not applicable.
IOC Scan task created by Central Node	Task management is not applicable.	Downloading IOC files, configuring IOC scan schedule.	Task management is not applicable.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.