Managing Endpoint Agent host information

The application that is used as the Endpoint Agent component is installed on individual computers (hereinafter also referred to as "hosts") in the IT infrastructure of the organization. The application continuously monitors processes running on those hosts, active network connections, and files that are being modified.

Users with the Senior security officer, Security officer, Security auditor, Local administrator, or Administrator role can assess how regularly data is received from hosts with the Endpoint Agent component on the Endpoint Agents tab of the web interface window of the Central Node server for tenants to whose data the user has access. If you are using the distributed solution and multitenancy mode, the web interface of the PCN server displays the list of hosts with the Endpoint Agent component for the PCN and all connected SCNs.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

Users with the Local administrator and Administrator roles can configure the display of how regularly data is received from hosts with Endpoint Agent for tenants to whose data they have access.

If suspicious network activity is detected, users with the Senior security officer role can isolate from the network any host with Kaspersky Endpoint Agent, for tenants to whose data the user has access. In this case, the connection between the server with the Central Node component and a host with the Endpoint Agent component will not be interrupted.

In order to provide support in case of problems with the Endpoint Agent component, Technical Support staff may ask you to perform the following actions for debugging purposes (including in Technical Support Mode):

• Activate collection of extended diagnostic information.
• Modify the settings of individual application components.
• Modify the settings for storing and sending the obtained diagnostic information.
• Configure network traffic to be intercepted and saved to a file.

Technical Support staff will provide all the information needed to perform these operations (description of the sequence of steps, settings to be modified, configuration files, scripts, additional command line functionality, debugging modules, special-purpose utilities, and other resources) and inform you about the scope of data obtained for debugging purposes. The retrieved diagnostic information is saved on the user's computer. The retrieved data is not automatically sent to Kaspersky.

The operations listed above should be performed only when instructed by and under the supervision of Technical Support experts. Unsupervised changes to application settings performed in ways other than those described in this manual or according to the instructions of Technical Support experts can slow down or crash the operating system, reduce computer security, or compromise the availability and integrity of data being processed.