About IOC scan

March 20, 2024

ID 221325

An Indicator of Compromise (also referred to as IOC) is a set of data about an object or activity that indicates unauthorized access to a device, that is, a compromise. For example, a large number of unsuccessful attempts to sign in to the system can constitute an Indicator of Compromise. The IOC Scan task searches the device for Indicators of Compromise and performs threat response actions when one is found.

IOC files are used to search for IOCs. An IOC file contains a set of indicators that are compared against the attributes of an object or event on the device. If the compared indicators match, the EPP application considers the event to be an alert. IOC files must conform to the OpenIOC standard.
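To make the comparison concrete, the following added example (it is not Kaspersky code and does not reproduce the product's matching logic) parses a small OpenIOC 1.0 document and evaluates its nested AND/OR indicator tree against file attributes. The IOC document, its `id`, the MD5 values and the file events are all constructed for this example; the events are plain dictionaries keyed by the OpenIOC `search` term (for example `FileItem/Md5sum`), standing in for the attributes an agent would collect from the file system. Only the conditions `is`, `isnot` and `contains` are implemented.

```python
"""Minimal OpenIOC 1.0 matcher (illustrative, not any vendor's implementation).

An IOC file is a tree of <Indicator operator="AND|OR"> nodes whose leaves are
<IndicatorItem condition="..."> elements. A leaf matches when the event's
attribute named by Context/@search satisfies the condition against <Content>.
"""
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed IOC: a file is flagged if its MD5 matches, OR if it is named like
# svchost but lives outside System32 (a common masquerading pattern).
# The MD5 below is just a placeholder (hash of the empty string).
SAMPLE_IOC = """<?xml version="1.0" encoding="utf-8"?>
<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="11111111-2222-3333-4444-555555555555" last-modified="2024-03-20T00:00:00">
  <short_description>Constructed example: suspicious svchost copy</short_description>
  <definition>
    <Indicator operator="OR" id="a">
      <IndicatorItem id="b" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="c">
        <IndicatorItem id="d" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svchost</Content>
        </IndicatorItem>
        <IndicatorItem id="e" condition="isnot">
          <Context document="FileItem" search="FileItem/FilePath" type="mir"/>
          <Content type="string">C:\\Windows\\System32</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed file events. FilePath is the containing directory, as in Mandiant's
# FileItem document. Only the second and third events should match.
SAMPLE_EVENTS = [
    {"FileItem/FileName": "svchost.exe", "FileItem/FilePath": "C:\\Windows\\System32",
     "FileItem/Md5sum": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},           # legitimate
    {"FileItem/FileName": "svchost.exe", "FileItem/FilePath": "C:\\Users\\alice\\AppData\\Local\\Temp",
     "FileItem/Md5sum": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"},           # masquerading copy
    {"FileItem/FileName": "report.pdf", "FileItem/FilePath": "D:\\Share",
     "FileItem/Md5sum": "D41D8CD98F00B204E9800998ECF8427E"},           # known-bad hash
    {"FileItem/FileName": "notepad.exe", "FileItem/FilePath": "C:\\Windows\\System32",
     "FileItem/Md5sum": "cccccccccccccccccccccccccccccccc"},           # clean
]


def _item_matches(item, event):
    """Evaluate one IndicatorItem leaf. Comparisons are case-insensitive,
    which is what you want for Windows paths and hex digests."""
    search = item.find("ioc:Context", NS).get("search")
    wanted = item.findtext("ioc:Content", default="", namespaces=NS).strip().lower()
    actual = event.get(search)
    if actual is None:           # attribute not collected -> cannot match
        return False
    actual = actual.lower()
    condition = item.get("condition")
    if condition == "is":
        return actual == wanted
    if condition == "isnot":
        return actual != wanted
    if condition == "contains":
        return wanted in actual
    raise ValueError(f"unsupported OpenIOC condition: {condition}")


def _indicator_matches(indicator, event):
    """Recursively evaluate an Indicator node with its AND/OR operator."""
    op = indicator.get("operator", "AND").upper()
    results = []
    for child in indicator:
        tag = child.tag.split("}")[-1]          # strip namespace
        if tag == "IndicatorItem":
            results.append(_item_matches(child, event))
        elif tag == "Indicator":
            results.append(_indicator_matches(child, event))
    if not results:                             # empty node never matches
        return False
    return any(results) if op == "OR" else all(results)


def scan(ioc_xml, events):
    """Return (ioc_id, full_path) for every event that matches the IOC file."""
    root = ET.fromstring(ioc_xml)
    top_level = root.find("ioc:definition", NS).findall("ioc:Indicator", NS)
    hits = []
    for ev in events:
        if any(_indicator_matches(ind, ev) for ind in top_level):
            hits.append((root.get("id"), ev["FileItem/FilePath"] + "\\" + ev["FileItem/FileName"]))
    return hits


if __name__ == "__main__":
    for ioc_id, path in scan(SAMPLE_IOC, SAMPLE_EVENTS):
        print(f"IOC {ioc_id} matched {path}")
```

The legitimate `C:\Windows\System32\svchost.exe` is not flagged even though its name matches, because the `AND` branch also requires the directory to differ from System32; the `OR` at the top lets a hash match fire on its own regardless of name or location. A production scanner additionally has to handle the remaining OpenIOC conditions, integer and date comparisons, and attributes that were never collected, which the `actual is None` branch above simply treats as a non-match.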

When an IOC is detected on a device, Kaspersky Endpoint Detection and Response Expert performs the specified response action. The following response actions are available for detected IOCs:

  • Isolate device from the network.
  • Run Critical Areas Scan.
  • Move a copy of the object to Quarantine, and then delete the object.
