Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox
Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox
November 17, 2023
ID 193083
Kaspersky Endpoint Agent can perform actions in response to threats detected by Kaspersky Sandbox.
You can configure the following types of actions:
- Local – actions to be performed on each device where a threat is detected.
- Group – actions to be performed on all devices of the administration group for which the policy is configured.
Local actions:
- Quarantine and delete.
- Notify device user.
- Push Endpoint Protection Platform scanning on critical areas.
Group actions:
- Run IOC Scanning on a managed group of devices.
- Quarantine and delete when IOC is found.
- Push Endpoint Protection Platform scanning on critical areas when IOC is found.
To configure group threat response actions, set up the permissions of the Kaspersky Security Center users whose accounts you want to use to manage IOC Scan tasks.
When configuring threat response actions, keep in mind that as a result of some actions, the object containing the threat may be deleted from the workstation where it was detected.
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.