Scenario: Configuring and using Endpoint Detection and Response

17 May 2024

ID 231813

To use Endpoint Detection and Response in the automatic mode, you must first configure it.

The scenario proceeds in stages:

  1. Configure IoC scans for potential threats

    By using IoC scans, you can configure a regular search for Indicators of Compromise (IoCs) on devices and automatic response measures to be taken if IoCs are found.

  2. Configure execution prevention

    You can define settings according to which Kaspersky Endpoint Security for Windows prevents the execution of certain objects (executable files and scripts) or the opening of Microsoft Office documents on your users' devices.

  3. View and analyze information about occurred alerts
  4. Take manual response measures

    While analyzing details of an alert, you may want to take additional measures or fine-tune the Endpoint Detection and Response feature:

    • Take manual response measures (for example, move the detected file to Quarantine or isolate the device on which the alert occurred).
    • Add the found IoCs to the settings of regular IoC scans, to check other devices for the same threat.
    • Add the detected object to the list of execution prevention rules, to prevent it from being executed in the future on the same and other devices.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.