Creating a disk image retrieval task

You can retrieve a disk image from selected Kaspersky Endpoint Agent for Windows host. To do so, you must create an NTFS disk image retrieval task.

The resulting file can be saved only to a shared network resource.

To create a disk image retrieval task:

1. Select the Tasks section in the application web interface window.

   This opens the task table.

2. Click the Add button and select Disk image in the Get data drop-down list.

   This opens the task creation window.

3. Configure the following settings:
   1. Share path—path to a shared network resource.

      You need to specify the path in the Universal Naming Convention (UNC) format: \\server\share\path.

      If the last folder with the specified name is absent, Kaspersky Endpoint Agent will create one. If creation is unsuccessful, an error will be displayed in the web interface of Kaspersky Anti Targeted Attack Platform.

   2. User name—user name of the account used to access the shared network resource.
   3. Password—password of the account used to access the shared network resource.
   4. Under Disk type, select one of the following options:
      • Logical.
      • Physical.
   5. If you selected Logical, enter a% SystemDrive% variable or a drive letter without the colon and slash in the Volume field.
   6. If you selected Physical, enter the disk number in the Physical drive field.
   7. Select the Split file into parts check box if you want the file to be divided into multiple parts when saved.
   8. If you selected the check box, in the Part size, GB field, specify the minimum size of one part of the saved file.

      The minimum part size must be more than one gigabyte.

   9. Description is the task description. This field is optional.
   10. Host—the IP address or name of the host to which you want to assign the task.
4. Click Add.

The disk image retrieval task will be created. The task runs automatically after it is created.

The application places an archive containing a file or files in the EWF or RAW format in a network share. You can convert files from the RAW format to the EWF format.

If you are using Kaspersky Endpoint Agent in the role of the Endpoint Agent component, the task can be assigned only to hosts running Kaspersky Endpoint Agent for Windows version 3.14 and later.

Users with the Security auditor role cannot create tasks.

Users with the Security officer role do not have access to tasks.