When integrated with Detection and Response solutions, Kaspersky Endpoint Security can perform response actions to maintain security functionality. The Detection and Response solution can generate response actions, which are then performed automatically on Kaspersky Endpoint Security devices if this functionality is enabled in the settings of the Detection and Response solution. You can also configure and perform response actions manually.
The settings of response actions vary depending on the Detection and Response solution with which Kaspersky Endpoint Security is integrated.
Kaspersky Endpoint Security can perform the following response actions:
When integrated with Kaspersky Endpoint Detection and Response (KATA) or Kaspersky Managed Detection and Response, network isolation is enabled or disabled on the side of the Detection and Response solution. You can manually disable network isolation of a device:
When integrated with Kaspersky Endpoint Detection and Response Optimum, the device can be isolated from the network automatically or manually. You can configure network isolation or manually disable network isolation for a device.
The action is performed using the Quarantine a file task.
When integrated with Kaspersky Endpoint Detection and Response (KATA) or Kaspersky Managed Detection and Response, the task is created and run on the side of the Detection and Response solution.
When integrated with Kaspersky Endpoint Detection and Response Optimum, a file can be quarantined automatically as a result of detection of indicators of compromise.
When integrated with Kaspersky Endpoint Detection and Response Optimum or with Kaspersky Managed Detection and Response, you can also manually quarantine files.
When integrated with Kaspersky Endpoint Detection and Response (KATA) or Kaspersky Managed Detection and Response, the response action is generated on the side of the Detection and Response solution. You can also perform the action manually using Kaspersky Security Center or the command line.
When integrated with Kaspersky Endpoint Detection and Response Optimum, you can perform the action manually using Kaspersky Security Center or the command line.
When integrated with Kaspersky Endpoint Detection and Response (KATA) or Kaspersky Managed Detection and Response, the response action is generated on the side of the Detection and Response solution. You can also perform the action manually using Kaspersky Security Center or the command line.
When integrated with Kaspersky Endpoint Detection and Response Optimum, you can perform the action manually using Kaspersky Security Center or the command line.
When integrated with the Kaspersky Endpoint Detection and Response (KATA) component, the response action is generated on the Kaspersky Endpoint Detection and Response (KATA) side.
When integrated with Kaspersky Endpoint Detection and Response Optimum, you can perform the action manually using Kaspersky Security Center.
This action is performed using the Get file task. For example, you can configure the application to get an event log file generated by a third-party application.
When integrated with Kaspersky Endpoint Detection and Response (KATA) or Kaspersky Managed Detection and Response, the task is created and run on the side of the Detection and Response solution.
When integrated with Kaspersky Endpoint Detection and Response Optimum, you can create Get file tasks in the Web Console.
This action is performed using the Delete file task.
When integrated with the Kaspersky Endpoint Detection and Response (KATA) component, the task is generated and run on the Kaspersky Endpoint Detection and Response (KATA) side.
When integrated with Kaspersky Endpoint Detection and Response Optimum, you can create Delete file tasks in the Web Console.
This action is performed using the Run process task. For example, you can remotely run a utility that creates a device configuration file, and then retrieve the created file using the Get file task.
When integrated with Kaspersky Endpoint Detection and Response (KATA) or Kaspersky Managed Detection and Response, the task is created and run on the side of the Detection and Response solution.
When integrated with Kaspersky Endpoint Detection and Response Optimum, you can create and run Run process tasks in the Web Console.
The action is performed using the Terminate process task. For example, you can remotely terminate an Internet speed test utility that was launched using the Run process task.
When Kaspersky Endpoint Security is integrated with Kaspersky Endpoint Detection and Response (KATA) or Kaspersky Managed Detection and Response, the task is created and run on the side of the Detection and Response solution.
When Kaspersky Endpoint Security is integrated with the Kaspersky Endpoint Detection and Response Optimum solution, you can create and run Terminate process tasks in the Web Console.
When integrated with Kaspersky Endpoint Detection and Response (KATA), the IOC scan is performed in the Kaspersky Endpoint Detection and Response (KATA) solution.
When integrated with Kaspersky Endpoint Detection and Response Optimum, an IOC scan is performed using the IOC Scan task. You can create IOC Scan tasks manually.
When integrated with Kaspersky Endpoint Detection and Response (KATA) or Kaspersky Endpoint Detection and Response Optimum, you can enable execution prevention rules. Kaspersky Endpoint Security prevents the execution of objects or the opening of documents that match the criteria of the prevention rules.
When integrated with Kaspersky Endpoint Detection and Response (KATA), the application gets execution prevention rules from Kaspersky Endpoint Detection and Response (KATA).
When integrated with Kaspersky Endpoint Detection and Response Optimum, you can configure execution prevention rules in the Web Console.