Glossary
August 27, 2024
ID 90
Autorun points
A list of processes that are automatically started on endpoints (mobile devices, computers, or laptops) in background mode when certain events occur (for example, loading of the operating system, logging in, starting file explorer, running scheduled tasks). Autorun program files may be hidden, which can cause an unexplained slowdown of the device or be evidence of malware on the device.
End User License Agreement
A binding agreement between you and AO Kaspersky Lab, stipulating the terms on which you may use the application.
Endpoint Protection Platform (EPP)
An integrated system for comprehensive protection of endpoints (for example, mobile devices, computers, or laptops) using various security technologies. An example of an Endpoint Protection Platform is Kaspersky Endpoint Security for Business.
EPP application
An application included in a protection system for endpoint devices (Endpoint Protection Platform, or EPP). EPP applications are installed on endpoint devices within the IT infrastructure of an organization (for example, mobile devices, computers, or laptops). An example of an EPP application is Kaspersky Endpoint Security for Windows as part of the EPP solution Kaspersky Endpoint Security for Business.
IOC
Indicator of Compromise. A set of data about a malicious object or action.
IOC file
A file that contains a set of compromise indicators that are compared to the indicators of an event. If the compared indicators match, the application considers the event to be a detection. The detection probability may increase if the scan finds exact matches between the object's data and multiple IOC files.
Kaspersky Endpoint Agent
Kaspersky Endpoint Agent is an application that is installed on individual devices within an organization's IT infrastructure. The application constantly monitors the processes running on these devices, as well as open network connections and file modifications. Kaspersky Endpoint Agent interacts with other Kaspersky solutions to detect complex threats (such as targeted attacks).
OpenIOC
An open, XML-based standard for describing Indicators of Compromise (IOCs) that contains over 500 different indicators of compromise.
OVAL rules
OVAL (Open Vulnerability and Assessment Language) is an open language for describing and assessing vulnerabilities. OVAL standardizes the following components of the assessment process:
- Submission of configuration data for the system.
- System analysis for the following entities: vulnerabilities, updates, patches, etc.
- Submission of reports on the system evaluation.
To perform the Security Audit task, the application uses files with OVAL rules in XML format. The application generates a report based on the scan results.
Targeted attack
An attack targeted at a specific person or organization. Unlike mass attacks by computer viruses aimed at infecting the maximum number of computers, targeted attacks can be aimed at infecting the network of a certain organization or even one server in the organization's IT infrastructure. A special trojan program may be developed for each targeted attack.
Telemetry
Data that the application analyzes on the protected device and sends to the Telemetry collection server. Telemetry is a list of events that occurred on the protected device.
Telemetry collection server
The type of server with which the application can be integrated. If integration is configured, the application sends telemetry to the server, receives tasks from the server, and generates reports on the execution of these tasks.
TLS encryption
Encryption of the connection between two servers, providing secure data transfer between the servers over the Internet.
Tracing
Execution of the application in debug mode, during which the application stops after the execution of each instruction and the execution result is displayed.
YARA file
YARA files are files with the yara or yar extension that contain YARA rules.
YARA rules are descriptions of signatures for targeted attacks and intrusions into the organization's IT infrastructure. Kaspersky Endpoint Agent scans objects according to these rules. If a rule is triggered, the analyzer issues an infection verdict with the corresponding details in the log.