The Behavior Detection component allows you to monitor for any malicious activity from applications in the operating system. When malicious activity is detected, Kaspersky Endpoint Security can terminate the process of the application that performs malicious activity.
The Behavior Detection component is enabled automatically with the default settings when Kaspersky Endpoint Security starts.
For optimal operation of the Behavior Detection component, we recommend enabling the Web Threat Protection component.
You can enable, disable, and configure Behavior Detection:
By default, on the SintezM-Client operating system, the auditd service configuration is protected from modification, that is, it is in enabled 2 mode. For correct operation of the Behavior Detection component when Kaspersky Endpoint Security is integrated with Kaspersky Managed Detection and Response and Kaspersky Anti Targeted Attack Platform solutions, change the auditd mode in the configuration files to enabled 1 (no configuration blocking) and restart the operating system.
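The shell functions below are an added example, not part of the Kaspersky documentation or product: they report the running auditd mode, locate the directive that sets enabled 2, and print a corrected copy of a rules file for review. They assume the standard auditd rule paths (/etc/audit/audit.rules and /etc/audit/rules.d/*.rules), that the mode is set there by an `-e` directive, and the one-field-per-line format of `auditctl -s`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Kaspersky code). Assumed standard auditd rule locations:
RULE_FILES="/etc/audit/audit.rules /etc/audit/rules.d/*.rules"

# Print file:line for every uncommented "-e 2" directive in the given files.
find_lock_directives() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v file="$f" '$1 == "-e" && $2 == "2" { print file ":" NR }' "$f"
    done
}

# Read `auditctl -s` output on stdin and print the value of the "enabled" field.
running_enabled_flag() {
    awk '$1 == "enabled" { print $2; exit }'
}

# Print a copy of one rules file with "-e 2" changed to "-e 1".
# Comments and all other lines are passed through unchanged.
with_lock_removed() {
    awk '$1 == "-e" && $2 == "2" { sub(/2/, "1") } { print }' "$1"
}

# Usage: sh check_auditd_mode.sh --check   (auditctl requires root)
if [ "${1:-}" = "--check" ]; then
    echo "running mode: enabled $(auditctl -s | running_enabled_flag)"
    # shellcheck disable=SC2086  # glob in RULE_FILES is expanded on purpose
    find_lock_directives $RULE_FILES
fi
```

With enabled 2 the kernel rejects audit configuration changes until the next boot, which is why the edited rules file takes effect only after the restart the text calls for.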