Support

Support for business applications

Kaspersky Endpoint Agent

Managing the application using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console

Configuring Kaspersky Endpoint Agent settings

Configuring the integration of Kaspersky Endpoint Agent with Kaspersky Sandbox

Configuring IOC Scan tasks start

Kaspersky Endpoint Agent
Нет результатов
Online Help
FAQ Forum Contact support Recovery tools Product videos

Configuring IOC Scan tasks start

August 27, 2024

ID 200592

Expand all | Collapse all

To configure the start of IOC Scan tasks:

  1. Do one of the following:
    • Open the application properties window for an individual device.
    • Open the policy properties window.
  2. In the Kaspersky Sandbox integration section select the Threat Response subsection.
  3. In the Additional group of settings, click the Configure IOC scanning link.
  4. In the Scanning scope group of settings in the right part of the window, select one of the following areas where Kaspersky Endpoint Agent will search for IOCs:
    • File areas on system drives of the device.
    • Critical file areas on the device.
  5. In the Configure IOC scanning group of settings, select one of the following options to start IOC Scan tasks:
    • Manual start.

      IOC Scan tasks will be created automatically, but will not be started. You can start distinct tasks individually or all tasks manually.

    • Immediately after Kaspersky Sandbox detects a threat.

      IOC Scan tasks will be automatically created and started.

    • Start within the specified time interval.

      IOC Scan tasks will be created automatically and started in the specified period. For example, during after hours from 8:00 pm to 7:00 am.

      If you select the Start within the specified time interval option, specify the start and end of the period in the Start time (hh:mm) and End time (hh:mm) fields.

      All IOC Scan tasks that were automatically created BEFORE the beginning of the specified period will start at any time WITHIN the specified period.

      All IOC Scan tasks that were automatically created WITHIN the specified period will start immediately.

      All IOC Scan tasks that were automatically created AFTER the beginning of the specified period will start the next day.

    Example:

    If you configured the tasks to run during the specified period from 8:00 p.m. to 7:00 a.m.

    Tasks that were automatically created at 7 p.m. are started at any arbitrary time from 8:00 p.m. to 7:00 a.m.

    Tasks that were automatically created at 9 p.m. are started at 9 p.m.

    Tasks that were automatically created at 8:00 a.m. are started during the next task execution period, from 8:00 p.m. to 7:00 a.m.
  6. Click OK.
  7. If you configure the policy settings, in the upper right corner of the group of settings, change the switch from Undefined to Enforce.
  8. Click OK.
  9. In the policy properties window, click Save.

See also

Enabling and disabling integration with Kaspersky Sandbox

Configuring trusted connection on Kaspersky Endpoint Agent side

Adding Kaspersky Sandbox servers to Kaspersky Endpoint Agent list

Configuring the response timeout of Kaspersky Sandbox and request queue settings

Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox

Enabling detection of legitimate applications that can be used by cybercriminals
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.