This component is available if Kaspersky Endpoint Security is installed on a computer that runs on Windows for servers. This component is unavailable if Kaspersky Endpoint Security is installed on a computer that runs on Windows for workstations.
Starting with version 11.11.0, Kaspersky Endpoint Security for Windows includes the Log Inspection component. Log Inspection monitors the integrity of the protected environment based on the Windows event log analysis. When the application detects signs of atypical behavior in the system, it informs the administrator, as this behavior may indicate an attempted cyber attack.
Kaspersky Endpoint Security analyzes Windows event logs and detects violations according to its rules. The component includes predefined rules, which are powered by heuristic analysis. You can also add your own rules (custom rules). When a rule triggers, the application creates an event with the Critical status (see figure below).
If you want to use Log Inspection, make sure the security audit policy is configured and the system is logging the relevant events (for details, see the Microsoft technical support website).
Log Inspection notification
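The following PowerShell script is an added example for checking the prerequisite described above; it is not part of the Kaspersky documentation or product. It verifies that a set of audit subcategories is enabled via auditpol and that the Security log is actually receiving events. The subcategory names listed are assumptions for illustration, not the set Log Inspection requires.

```powershell
# Added example (not from the Kaspersky documentation): verify that the local
# security audit policy covers a set of subcategories and that the Security log
# is actually receiving events. Run in an elevated PowerShell session.
# The subcategory names below are assumptions chosen for illustration; replace
# them with the ones relevant to the Log Inspection rules you enable.
$RequiredSubcategories = @('Logon', 'Logoff', 'Audit Policy Change', 'Security Group Management')

function Get-AuditSubcategoryState {
    param([string]$Subcategory)
    # auditpol /r emits CSV with the columns:
    # Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
    $csv = auditpol /get /subcategory:"$Subcategory" /r |
        Where-Object { $_.Trim() -ne '' } |
        ConvertFrom-Csv
    if (-not $csv) { return 'Unknown' }
    return $csv[0].'Inclusion Setting'   # e.g. 'Success and Failure' or 'No Auditing'
}

$problems = @()
foreach ($sub in $RequiredSubcategories) {
    $state = Get-AuditSubcategoryState -Subcategory $sub
    if ($state -eq 'No Auditing' -or $state -eq 'Unknown') {
        $problems += "Subcategory '$sub' is not audited (state: $state)"
    } else {
        Write-Host ("OK   {0,-30} {1}" -f $sub, $state)
    }
}

# Confirm the Security log has received at least one event in the last 24 hours.
# Get-WinEvent raises an error when nothing matches, so it is silenced and the
# result tested for null instead.
$recent = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = (Get-Date).AddHours(-24) } `
    -MaxEvents 1 -ErrorAction SilentlyContinue
if (-not $recent) {
    $problems += 'No Security log events in the last 24 hours; check that auditing is active and the log is not being cleared'
} else {
    Write-Host ("OK   Security log last event: {0} (Event ID {1})" -f $recent.TimeCreated, $recent.Id)
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host 'Audit policy and Security log look ready for Log Inspection.'
```

A non-zero exit code from the script indicates that at least one prerequisite is missing, which can be used by a configuration check before enabling the component.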