Enabling detection of legitimate applications that can be used by cybercriminals

Support

Support for business applications

Kaspersky Endpoint Agent

Managing the application using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console

Configuring Kaspersky Endpoint Agent settings

Configuring the integration of Kaspersky Endpoint Agent with Kaspersky Sandbox

Enabling detection of legitimate applications that can be used by cybercriminals

November 17, 2023

ID 200591

Expand all | Collapse all

You can enable the detection of legitimate applications that could be used by cybercriminals to harm your organization's computer network. Kaspersky Endpoint Agent considers such applications to be threats and performs threat response actions on them.

Legitimate applications are allowed to be installed and used on users' computers and are designed to perform user tasks. However, some types of legitimate applications, when used by cybercriminals, may harm users' computers or the organization's computer network. If cybercriminals gain access to such applications or deploy them on users' computers, they can use the functions of such applications to violate the security of the users' computers or the organization's computer network.

These applications include IRC clients, dialers, file download applications, computer system activity monitors, password utilities, and Internet servers for FTP, HTTP, or Telnet services.

If you want to enable the detection of such applications:

Do one of the following:
- Open the application properties window for an individual device.
  1. In the main Kaspersky Security Center Web Console window select Devices → Managed devices.
  2. Select the device.
  3. In the <Device name> window that opens, select the Applications tab.
  4. Select Kaspersky Endpoint Agent.
  5. In the window that opens, select the Application settings tab.
- Open the policy properties window.
  1. In the main Kaspersky Security Center Web Console window select Devices → Policies and profiles.
  2. Select the policy you want to configure.
  3. In the <Policy name> window that opens, select the Application settings tab.
In the Kaspersky Sandbox integration section select the Threat Response subsection.
In the Additional group of settings select the Enable detection of legitimate applications that can be exploited by adversaries check box.
If you configure the policy settings, in the upper right corner of the group of settings, change the switch from Undefined to Enforce.
Click OK.
In the policy properties window, click Save.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.