Modifying the action taken when an Adaptive Anomaly Control rule is triggered

To edit the action that is taken when an Adaptive Anomaly Control rule is triggered:

1. In the main application window, click the button.
2. In the application settings window, select Security Controls → Adaptive Anomaly Control.
3. In the Rules block, click the Edit rules button.

   The Adaptive Anomaly Control rule list opens.

4. Select a rule in the table.
5. Click Edit.

   The Adaptive Anomaly Control rule properties window opens.

6. In the Action block, select one of the following options:
   • Smart. If this option is selected, the Adaptive Anomaly Control rule works in Smart training state for a period of time defined by Kaspersky experts. In this mode, when an Adaptive Anomaly Control rule is triggered, Kaspersky Endpoint Security allows the activity covered by the rule and logs an entry in the Triggering of rules in Smart Training state storage of the Kaspersky Security Center Administration Server. When the time period set for working in Smart Training state ends, Kaspersky Endpoint Security blocks the activity covered by an Adaptive Anomaly Control rule and logs an entry containing information about the activity.
   • Block. If this action is selected, when an Adaptive Anomaly Control rule is triggered Kaspersky Endpoint Security blocks the activity covered by the rule and logs an entry containing information about the activity.
   • Notify. If this action is selected, when an Adaptive Anomaly Control rule is triggered Kaspersky Endpoint Security allows the activity covered by the rule and logs an entry containing information about the activity.
7. Save your changes.