Kaspersky Endpoint Security 12.1 for Windows
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- Kaspersky Endpoint Security for Windows Help
- Kaspersky Endpoint Security for Windows
- Installing and removing the application
- Deployment through Kaspersky Security Center
- Installing the application locally using the Wizard
- Remotely installing the application using System Center Configuration Manager
- Description of setup.ini file installation settings
- Change application components
- Upgrading from a previous version of the application
- Remove the application
- Application licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About subscription
- About license key
- About activation code
- About the key file
- Comparison of application functionality depending on license type for workstations
- Comparison of application functionality depending on license type for servers
- Activating the application
- Viewing license information
- Purchasing a license
- Renewing subscription
- Data provision
- Getting started
- About the Kaspersky Endpoint Security for Windows Management Plug-in
- Special considerations when working with different versions of management plug-ins
- Special considerations when using encrypted protocols for interacting with external services
- Application interface
- Getting started
- Managing policies
- Task management
- Configuring local application settings
- Starting and stopping Kaspersky Endpoint Security
- Pausing and resuming computer protection and control
- Creating and using a configuration file
- Restoring the default application settings
- Malware Scan
- Updating databases and application software modules
- Database and application module update scenarios
- Starting and stopping an update task
- Starting an update task under the rights of a different user account
- Selecting the update task run mode
- Adding an update source
- Configuring updates from a shared folder
- Updating application modules
- Using a proxy server for updates
- Last update rollback
- Working with active threats
- Computer protection
- File Threat Protection
- Enabling and disabling File Threat Protection
- Automatic pausing of File Threat Protection
- Changing the action taken on infected files by the File Threat Protection component
- Forming the protection scope of the File Threat Protection component
- Using scan methods
- Using scan technologies in the operation of the File Threat Protection component
- Optimizing file scanning
- Scanning compound files
- Changing the scan mode
- Web Threat Protection
- Mail Threat Protection
- Enabling and disabling Mail Threat Protection
- Changing the action to take on infected email messages
- Forming the protection scope of the Mail Threat Protection component
- Scanning compound files attached to email messages
- Email messages attachment filtering
- Exporting and importing extensions for attachment filtering
- Scanning emails in Microsoft Office Outlook
- Network Threat Protection
- Firewall
- BadUSB Attack Prevention
- AMSI Protection
- Exploit Prevention
- Behavior Detection
- Enabling and disabling Behavior Detection
- Selecting the action to take on detecting malware activity
- Protection of shared folders against external encryption
- Enabling and disabling protection of shared folders against external encryption
- Selecting the action to take on detection of external encryption of shared folders
- Creating an exclusion for protection of shared folders against external encryption
- Configuring addresses of exclusions from protection of shared folders against external encryption
- Exporting and importing a list of exclusions from protection of shared folders against external encryption
- Host Intrusion Prevention
- Remediation Engine
- Kaspersky Security Network
- Encrypted connections scan
- Wipe Data
- File Threat Protection
- Computer control
- Web Control
- Device Control
- Enabling and disabling Device Control
- About access rules
- Editing a device access rule
- Editing a connection bus access rule
- Managing access to mobile devices
- Control of printing
- Control of Wi-Fi connections
- Monitoring usage of removable drives
- Changing the caching duration
- Actions with trusted devices
- Obtaining access to a blocked device
- Editing templates of Device Control messages
- Anti-Bridging
- Adaptive Anomaly Control
- Enabling and disabling Adaptive Anomaly Control
- Enabling and disabling an Adaptive Anomaly Control rule
- Modifying the action taken when an Adaptive Anomaly Control rule is triggered
- Creating an exclusion for an Adaptive Anomaly Control rule
- Exporting and importing exclusions for Adaptive Anomaly Control rules
- Applying updates for Adaptive Anomaly Control rules
- Editing Adaptive Anomaly Control message templates
- Viewing Adaptive Anomaly Control reports
- Application Control
- Application Control functionality limitations
- Receiving information about the applications that are installed on users' computers
- Enabling and disabling Application Control
- Selecting the Application Control mode
- Managing Application Control rules
- Adding a trigger condition for the Application Control rule
- Adding executable files from the Executable files folder to the application category
- Adding event-related executable files to the application category
- Adding an Application Control rule
- Changing the status of an Application Control rule via Kaspersky Security Center
- Exporting and importing Application Control rules
- Viewing events resulting from operation of the Application Control component
- Viewing a report on blocked applications
- Testing Application Control rules
- Application activity monitor
- Rules for creating name masks for files or folders
- Editing Application Control message templates
- Best practices for implementing a list of allowed applications
- Network ports monitoring
- Log Inspection
- File Integrity Monitor
- Password protection
- Trusted zone
- Managing Backup
- Notification service
- Managing reports
- Kaspersky Endpoint Security Self-Defense
- Kaspersky Endpoint Security performance and compatibility with other applications
- Data Encryption
- Encryption functionality limitations
- Changing the length of the encryption key (AES56 / AES256)
- Kaspersky Disk Encryption
- Special features of SSD drive encryption
- Starting Kaspersky Disk Encryption
- Creating a list of hard drives excluded from encryption
- Exporting and importing a list of hard drives excluded from encryption
- Enabling Single Sign-On (SSO) technology
- Managing Authentication Agent accounts
- Using a token and smart card with Authentication Agent
- Hard drive decryption
- Restoring access to a drive protected by Kaspersky Disk Encryption technology
- Signing in with the Authentication Agent service account
- Updating the operating system
- Eliminating errors of encryption functionality update
- Selecting the Authentication Agent tracing level
- Editing Authentication Agent help texts
- Removing leftover objects and data after testing the operation of Authentication Agent
- BitLocker Management
- File Level Encryption on local computer drives
- Encrypting files on local computer drives
- Forming encrypted file access rules for applications
- Encrypting files that are created or modified by specific applications
- Generating a decryption rule
- Decrypting files on local computer drives
- Creating encrypted packages
- Restoring access to encrypted files
- Restoring access to encrypted data after operating system failure
- Editing templates of encrypted file access messages
- Encryption of removable drives
- Viewing data encryption details
- Working with encrypted devices when there is no access to them
- Detection and Response solutions
- KSWS to KES Migration Guide
- Correspondence of KSWS and KES components
- Correspondence of KSWS and KES settings
- Migrating KSWS components
- Migrating KSWS tasks and policies
- Installing KES instead of KSWS
- Migrating the [KSWS+KEA] configuration to [KES+built-in agent] configuration
- Making sure Kaspersky Security for Windows Server was successfully removed
- Activating KES with a KSWS key
- Special considerations for migrating high-load servers
- Example of migration from [KSWS+KEA] to KES
- Managing the application on a Core Mode server
- Managing the application from the command line
- Installing the application
- Activating the application
- Remove the application
- AVP commands
- SCAN. Malware Scan
- UPDATE. Updating databases and application software modules
- ROLLBACK. Last update rollback
- TRACES. Tracing
- START. Start the profile
- STOP. Stopping a profile
- STATUS. Profile status
- STATISTICS. Profile operation statistics
- RESTORE. Restoring files from Backup
- EXPORT. Exporting application settings
- IMPORT. Importing application settings
- ADDKEY. Applying a key file
- LICENSE. Licensing
- RENEW. Purchasing a license
- PBATESTRESET. Reset the disk check results before encrypting the disk
- EXIT. Exit the application
- EXITPOLICY. Disabling policy
- STARTPOLICY. Enabling policy
- DISABLE. Disabling protection
- SPYWARE. Spyware detection
- KSN. Switching between KSN / KPSN
- KESCLI commands
- Scan. Malware Scan
- GetScanState. Scan completion status
- GetLastScanTime. Determining the scan completion time
- GetThreats. Obtaining data on detected threats
- UpdateDefinitions. Updating databases and application software modules
- GetDefinitionState. Determining the update completion time
- EnableRTP. Enabling protection
- GetRealTimeProtectionState. File Threat Protection status
- Version. Identifying the application version
- Detection and Response management commands
- Error codes
- Appendix. Application profiles
- Managing the application through the REST API
- Sources of information about the application
- Contacting Technical Support
- Limitations and warnings
- Glossary
- Active key
- Additional key
- Administration group
- Anti-virus databases
- Archive
- Authentication Agent
- Certificate issuer
- Database of malicious web addresses
- Database of phishing web addresses
- Disinfection
- False alarm
- Infectable file
- Infected file
- IOC
- IOC file
- License certificate
- Mask
- Network Agent
- Normalized form of the address of a web resource
- OLE object
- OpenIOC
- Portable File Manager
- Protection scope
- Scan scope
- Task
- Trusted Platform Module
- Appendices
- Appendix 1. Application settings
- File Threat Protection
- Web Threat Protection
- Mail Threat Protection
- Network Threat Protection
- Firewall
- BadUSB Attack Prevention
- AMSI Protection
- Exploit Prevention
- Behavior Detection
- Host Intrusion Prevention
- Remediation Engine
- Kaspersky Security Network
- Log Inspection
- Web Control
- Device Control
- Application Control
- Adaptive Anomaly Control
- File Integrity Monitor
- Endpoint Sensor
- Kaspersky Sandbox
- Endpoint Detection and Response
- Endpoint Detection and Response (KATA)
- Full Disk Encryption
- File Level Encryption
- Encryption of removable drives
- Templates (data encryption)
- Exclusions
- Application settings
- Reports and storage
- Network settings
- Interface
- Manage Settings
- Updating databases and application software modules
- Appendix 2. Application trust groups
- Appendix 3. File extensions for quick removable drives scan
- Appendix 4. File Types for the Mail Threat Protection attachment filter
- Appendix 5. Network settings for interaction with external services
- Appendix 6. Application events
- Appendix 7. Supported file extensions for Execution prevention
- Appendix 8. Supported script interpreters for Execution prevention
- Appendix 9. IOC scan scope in the registry (RegistryItem)
- Appendix 10. IOC file requirements
- Appendix 1. Application settings
- Information about third-party code
- Trademark notices
Critical
End User License Agreement violated
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
Databases are missing or corrupted
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
– |
Databases are extremely out of date
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
Application autorun is disabled
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
– |
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Active threat detected. Advanced Disinfection should be started
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
Not enough space in Quarantine storage
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Object not restored from Quarantine
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Object not deleted from Quarantine
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
The application established a connection to a website with an untrusted certificate
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Failed to verify an encrypted connection. The domain is added to the list of exclusions
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Malicious object detected (local bases)
Status |
|
Component |
File Threat Protection Web Threat Protection Mail Threat Protection AMSI Protection Host Intrusion Prevention Behavior Detection Exploit Prevention Malware Scan |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
When external encryption of shared folders is detected, the application shows the path to the target file. |
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Malicious object detected (KSN)
Status |
|
Component |
File Threat Protection Web Threat Protection Mail Threat Protection AMSI Protection Host Intrusion Prevention Behavior Detection Exploit Prevention Malware Scan |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
File Threat Protection Mail Threat Protection Host Intrusion Prevention Malware Scan |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
File Threat Protection Host Intrusion Prevention Behavior Detection Malware Scan |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
Status |
|
Component |
File Threat Protection Web Threat Protection Mail Threat Protection Host Intrusion Prevention AMSI Protection Malware Scan |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
File Threat Protection Host Intrusion Prevention Behavior Detection Malware Scan |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
Status |
|
Component |
File Threat Protection Host Intrusion Prevention Behavior Detection Malware Scan |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
– |
Status |
|
Component |
Web Threat Protection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Web Threat Protection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Previously opened dangerous link detected
Status |
|
Component |
Web Threat Protection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Adaptive Anomaly Control |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
BadUSB Attack Prevention |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
AMSI Protection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Firewall |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Network Threat Protection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Application startup prohibited
Status |
|
Component |
Application Control |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Prohibited process was started before Kaspersky Endpoint Security startup
Status |
|
Component |
Application Control |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Web Control |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Web Control |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Operation with the device prohibited
Status |
|
Component |
Device Control |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Device Control |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Error distributing component updates
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
|
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
|
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
|
Cannot start two tasks at the same time
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Error verifying application databases and modules
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Error in interaction with Kaspersky Security Center
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Not all components were updated
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Update completed successfully, update distribution failed
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
|
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
|
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Database update |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Error applying file encryption / decryption rules
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
File encryption / decryption error
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Event parameters |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
|
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Error creating encrypted package
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Error encrypting / decrypting device
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Could not load encryption module
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
The task for managing Authentication Agent accounts ended with an error
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Data Encryption |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Kaspersky Anti Targeted Attack Platform server unavailable
Status |
|
Component |
Endpoint Sensor |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
– |
Kaspersky Security Center event log (default) |
Status |
|
Component |
Kaspersky Sandbox |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Object not quarantined (Kaspersky Sandbox)
Status |
|
Component |
Kaspersky Sandbox |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Kaspersky Sandbox |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Invalid Kaspersky Sandbox server certificate
Status |
|
Component |
Kaspersky Sandbox |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
The Kaspersky Sandbox node is unavailable
Status |
|
Component |
Kaspersky Sandbox |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
An error occurred while processing the object in Kaspersky Sandbox
Status |
|
Component |
Kaspersky Sandbox |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Maximum load to Kaspersky Sandbox is exceeded
Status |
|
Component |
Kaspersky Sandbox |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
|
Status |
|
Component |
Endpoint Detection and Response |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Kaspersky Sandbox license verification failed
Status |
|
Component |
Kaspersky Sandbox |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Endpoint Detection and Response |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Endpoint Detection and Response |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Endpoint Detection and Response |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Object not quarantined (Endpoint Detection and Response)
Status |
|
Component |
Endpoint Detection and Response |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Process startup is not blocked
Status |
|
Component |
Endpoint Detection and Response |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Endpoint Detection and Response |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Script execution is not blocked
Status |
|
Component |
Endpoint Detection and Response |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Error changing application components
Status |
|
Component |
System Audit |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
There are patterns of a possible brute-force attack in the system
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
There are patterns of a possible Windows Event Log abuse
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Atypical actions detected on behalf of a new service installed
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Atypical logon that uses explicit credentials detected
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
There are patterns of a possible Kerberos forged PAC (MS14-068) attack in the system
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Suspicious changes detected in the privileged built-in Administrators group
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
There is an atypical activity detected during a network logon session
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Atypical event occurs too often. Event aggregation started
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Report on an atypical event for the aggregation period
Status |
|
Component |
Log Inspection |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Error connecting to the Kaspersky Anti Targeted Attack Platform server
Status |
|
Component |
EDR (KATA) |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Invalid Kaspersky Anti Targeted Attack Platform server certificate
Status |
|
Component |
EDR (KATA) |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |
Invalid certificate of the agent on the Kaspersky Anti Targeted Attack Platform server
Status |
|
Component |
EDR (KATA) |
Windows event ID |
|
Kaspersky Security Center event ID |
|
Windows event log (default) |
|
Kaspersky Security Center event log (default) |