Support

Support for business applications

Kaspersky Endpoint Security 11 for Windows

Detection and Response solutions

Endpoint Detection and Response

Kaspersky Endpoint Security 11 for Windows
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools Product videos

Endpoint Detection and Response

25 April 2024

ID 213425

Get as PDF

Kaspersky Endpoint Security 11.7.0 now has a built-in agent for the Kaspersky Endpoint Detection and Response Optimum solution (hereinafter also "EDR Optimum"). Kaspersky Endpoint Security 11.8.0 now has a built-in agent for the Kaspersky Endpoint Detection and Response Expert solution (hereinafter also "EDR Expert"). Kaspersky Endpoint Detection and Response is a range of solutions for protecting the corporate IT infrastructure from advanced cyber threats. The functionality of the solutions combines automatic detection of threats with the ability to react to these threats to counteract advanced attacks including new exploits, ransomware, fileless attacks, as well as methods using legitimate system tools. EDR Expert offers more threat monitoring and response functionality than EDR Optimum. For details about the solutions, see the Kaspersky Endpoint Detection and Response Optimum Help and the Kaspersky Endpoint Detection and Response Expert Help.

Kaspersky Endpoint Detection and Response reviews and analyses threat development and provides security personnel or the Administrator with information about the potential attack that is necessary for a timely response. Kaspersky Endpoint Detection and Response displays alert details in a separate window. Alert Details is a tool for viewing the entirety of collected information about a detected threat. Alert details include, for example, the history of files appearing on the computer. For details about managing alert details, refer to the Kaspersky Endpoint Detection and Response Optimum Help and the Kaspersky Endpoint Detection and Response Expert Help.

Kaspersky Endpoint Detection and Response uses the following Threat Intelligence tools:

  • The Kaspersky Security Network (hereinafter also referred to as "KSN") cloud service infrastructure, which provides access to real-time file, website, and software reputation information from the Kaspersky knowledge base. Using data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false positives. EDR Expert uses the Kaspersky Private Security Network (KPSN) solution, which sends data to regional servers without sending data from devices to the KSN.
  • Integration with the Kaspersky Threat Intelligence Portal portal, which contains and displays information about the reputation of files and web addresses.
  • Kaspersky Threats database.
  • Cloud Sandbox technology that lets you run suspicious files in an isolated environment and check their reputation.

In this Help section

Integration with Kaspersky Endpoint Detection and Response

Migration from Kaspersky Endpoint Agent

Scan for indicators of compromise (standard task)

Move file to Quarantine

Get file

Delete file

Process start

Terminate process

Execution prevention

Computer network isolation

Cloud Sandbox

Appendix 1. Supported file extensions for Execution prevention

Appendix 2. Supported script interpreters

Appendix 3. IOC scan scope in the registry (RegistryItem)

Appendix 4. IOC file requirements

Kaspersky Endpoint Security for Windows: Detection of advanced threats
Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.