About Root-Cause Analysis

March 5, 2024

ID 212591

Kaspersky Endpoint Security Cloud allows you to detect and root out advanced attacks, perform root-cause analysis with a visualized threat development chain graph, and drill down to details for further review.

This feature is available only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Plus license.
If you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license, you have access to the full-fledged Endpoint Detection and Response.

To use this feature, you need Kaspersky Endpoint Security 11.8 for Windows or later.

Root-Cause Analysis detects threats in the following types of objects:

  • Process
  • File
  • Registry key
  • Network connection

You can start using the Root-Cause Analysis feature when you start Kaspersky Endpoint Security Cloud Management Console for the first time or after Kaspersky Endpoint Security Cloud is upgraded to a new version. If you did not start using Root-Cause Analysis during the initial or additional setup of Kaspersky Endpoint Security Cloud, you can do it later.

The Root-Cause Analysis widget and table display detections that occur on your users' devices and allow you to investigate a threat development chain graph for each detection. The widget shows up to 10 detections and the table shows up to 1000 detections.

From the Root-Cause Analysis table, you can export information about all of the current detections to a CSV file.

If you want to stop using the feature, you can disable it and later enable it again.
