About Endpoint Detection and Response

17 May 2024

ID 231757

Kaspersky Endpoint Security Cloud monitors and analyzes threat progression. It either provides you with information about possible attacks so that you can respond manually in a timely manner, or performs a predefined automated response.

This feature is available only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license.
If you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Plus license, you have access to a limited set of functionality called Root-Cause Analysis.

To use this feature, you need Kaspersky Endpoint Security 11.8 for Windows or later.

Endpoint Detection and Response detects threats in the following types of objects:

  • Process
  • File
  • Registry key
  • Network connection

You can start using the Endpoint Detection and Response feature when you start Kaspersky Endpoint Security Cloud Management Console for the first time or after Kaspersky Endpoint Security Cloud is upgraded to a new version. If you did not start using Endpoint Detection and Response during the initial or additional setup of Kaspersky Endpoint Security Cloud, you can do it later.

To use Endpoint Detection and Response in automatic mode, you must first configure it.

The Endpoint Detection and Response widget and table display alerts that occur on your users' devices. The widget shows up to 10 alerts and the table shows up to 1000 alerts. From the table, you can export information about all of the current alerts to a CSV file.

While analyzing the alert details, you may want to take additional measures or fine-tune the Endpoint Detection and Response feature.

If you want to stop using the feature, you can disable it and later enable it again.
