Triggering response actions when working with device executable files

You can trigger response actions for an executable file, information about which was received during launch control of executable files on devices. To trigger a response action, the executable file must be associated with a device that has the Endpoint Agent software component and is prepared to receive data from EPP applications.

When working with the table of executable files, you can trigger the following response actions:

• Prevent run.
• Move to quarantine.
• Delete file.
• Terminate process.

To trigger a response action for an executable file:

1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using an Administrator or Security Officer account.
2. Select the Executable files tab in the Assets section.
3. In the executable files table, select the file you need.

   The details area appears in the right part of the web interface window.

4. In the details area, open the Threat response drop-down list to trigger the required response action.

   Items in the Threat response drop-down list are available if the Endpoint Agent software component is installed on the device associated with the executable file.

   A window with a confirmation prompt opens.

5. If a response action requires you to confirm the operation using your password, enter your password.
6. In the request window, confirm the start of the response action.

The application will register a new response action. You can view information about this action in the Events section on the Response actions tab.

Page top