Integration with Kaspersky Sandbox

Adding the Kaspersky Sandbox component is required for integration with Kaspersky Sandbox component. You can select the Kaspersky Sandbox component during installation or upgrade, as well as using the Change application components task.

To use the component, the following conditions must be met:

• Kaspersky Security Center 13.2. Earlier versions of Kaspersky Security Center do not allow the creation of standalone IOC Scan tasks for threat response.
• The component can be managed only using the Web Console. You cannot manage this component using the Administration Console (MMC).
• The application is activated and the functionality is covered by the license.
• Data transfer to Administration Server is enabled.

  To use all the features of Kaspersky Sandbox, make sure quarantine file data transfer is enabled. The data are required to obtain information about files quarantined on a computer through Web Console. For example, you can download a file from quarantine for analysis in Web Console.

  How to enable data transfer to the Administration Server in Web Console

  1. In the main window of the Web Console, select Devices → Policies & Profiles.
  2. Click the name of the Kaspersky Endpoint Security policy.

     The policy properties window opens.

  3. Select the Application settings tab.
  4. Go to General settings → Reports and Storage.
  5. In the Data transfer to Administration Server block, select the About Quarantine files check box.
  6. Save your changes.
• A background connection between Kaspersky Security Center Web Console and Administration Server is established

  For Kaspersky Sandbox to work with Administration Server via Kaspersky Security Center Web Console, you must establish a new secure connection, a background connection. For details about the integration of Kaspersky Security Center with other Kaspersky solutions, refer to the Kaspersky Security Center Help.

  Establishing a background connection in Web Console

  1. In the main window of the Web Console, select Console settings → Integration.
  2. Go to the Cross-service integration section.
  3. Turn on the Establish a background connection for cross-service integration toggle switch.
  4. Save your changes.

  If a background connection between Kaspersky Security Center Web Console and Administration Server is not established, stand-alone IOC scan tasks cannot be created as part of Threat Response.

• The Kaspersky Sandbox component is enabled.

  You can enable or disable the integration with Kaspersky Sandbox in Web Console or locally using the command line.

To enable or disable the integration with Kaspersky Sandbox:

1. In the main window of the Web Console, select Devices → Policies & Profiles.
2. Click the name of the Kaspersky Endpoint Security policy.

   The policy properties window opens.

3. Select the Application settings tab.
4. Go to Detection and Response → Kaspersky Sandbox.
5. Use the Integration with Kaspersky Sandbox toggle switch to enable or disable the component.
6. Save your changes.

As a result, the Kaspersky Sandbox component is enabled. Check the operating status of the component by viewing the Application components status report. You can also view the operating status of a component in reports in the local interface of Kaspersky Endpoint Security. The Kaspersky Sandbox component will be added to the list of Kaspersky Endpoint Security components.

Kaspersky Endpoint Security saves information about the functioning of the Kaspersky Sandbox component to a report. The report also contains information about errors. If you get an error with a description fitting the Error code: XXX format (for example, 0xa67b01f4), contact Technical Support.