Support

Support for business applications

Kaspersky Endpoint Security Cloud

Kaspersky Endpoint Security Cloud Management Console

Reports on device protection

List of reports on device protection

Adaptive Anomaly Control reports

Kaspersky Endpoint Security Cloud
Knowledge Base Online Help
Advice & Solutions FAQ Download latest version Try Buy Renew Forum Contact support Recovery tools

Adaptive Anomaly Control reports

5 March 2024

ID 231532

Kaspersky Endpoint Security Cloud provides you with two reports related to the Adaptive Anomaly Control feature: Adaptive Anomaly Control rules state and Adaptive Anomaly Control detections.

Adaptive Anomaly Control rules state report

This report displays states of Adaptive Anomaly Control rules. The report is displayed on the Reports tab only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license.

In the summary part, the report shows the distribution of Adaptive Anomaly Control rules by their state.

The table with detailed information includes the following columns:

  • Device name

    Device on which a rule has a certain state. If a rule is in the "Smart" mode, its state on different devices may vary: on some devices, the training may be finished while on others, it may still be in progress.

  • Rule name

    Name of the Adaptive Anomaly Control rule.

  • Rule state

    State of the Adaptive Anomaly Control rule.

  • Training progress, % (for rules in "Smart training" state)

    The value depends on the rule state:

    • For rules in the "Off", "Notify", or "Block" state, the value is always 0.
    • For rules in the "Smart training" state, the value is as follows:

      100%*(period from the latest unprocessed detection to now):(rule training duration)

    • For rules in the "Smart block" state, the value is always 100, because the training for them has already finished.
  • Number of detections (for rules in "Smart training" state)

    The value depends on the rule state:

    • For rules that are or have ever been in the "Smart training" state, the value is the number of actual detections that you have not processed yet.
    • For other rules, the value is always 0.

Adaptive Anomaly Control detections report

This report displays detections of Adaptive Anomaly Control. The report is displayed on the Reports tab only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license. The report includes the following columns:

  • Device name

    Device on which the detection occurred.

  • User name

    Owner of the device on which the detection occurred.

  • Rule name

    Name of the Adaptive Anomaly Control rule that made the detection.

  • Action

    Mode of the Adaptive Anomaly Control rule (Notify, Block, or Smart).

  • Source process and Source object

    The object that performed the detected actions (for example, a file that the user opened).

  • Target process and Target object

    The object on which the detected actions were performed (for example, a browser that uses a library that is loaded into the computer memory as a result of opening the file).

Kaspersky Endpoint Security Cloud: High protection of the business via a cloud-based console
Protection of all devices against advanced threats. Take control of your cloud with Cloud Discovery.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.