Kaspersky Security Center

Viewing the list of detections performed using Adaptive Anomaly Control rules

14 April 2024

ID 172650

Expand all | Collapse all

To view the list of detections performed by Adaptive Anomaly Control rules:

  1. In the console tree, select the node of the Administration Server that you require.
  2. Select the Triggering of rules in Smart Training state subfolder (by default, this is a subfolder of Advanced → Repositories).

    The list displays the following information about detections performed using Adaptive Anomaly Control rules:

    • Administration group
    • Device name
    • Name
    • Status
    • Total times rules were triggered
    • User name
    • Source process path
    • Source process hash
    • Source object path
    • Source object hash
    • Target process path
    • Target process hash
    • Target object path
    • Target object hash
    • Processed

To view properties of each information element:

  1. In the console tree, select the node of the Administration Server that you require.
  2. Select the Triggering of rules in Smart Training state subfolder (by default, this is a subfolder of Advanced → Repositories).
  3. In the Triggering of rules in Smart Training state workspace, select the object that you want.
  4. Do one of the following:
    • Click the Properties link in the information box that appears on the right side of the screen.
    • Right-click and in the context menu select Properties.

The properties window of the object opens, displaying information about the selected element.

You can confirm or add to exclusions any element in the list of detections of Adaptive Anomaly Control rules.

To confirm an element,

Select an element (or several elements) in the list of detections and click the Confirm button.

The status of the element(s) will be changed to Confirming.

Your confirmation will contribute to the statistics used by the rules (for more information, refer to Kaspersky Endpoint Security 11 for Windows Help).

To add an element as an exclusion,

Right-click an element (or several elements) in the list of detections and select Add to exclusions in the context menu.

The Add exclusion wizard starts. Follow the wizard instructions.

If you reject or confirm an element, it will be excluded from the list of detections after the next synchronization of the client device with the Administration Server, and will no longer appear in the list.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.