Kaspersky Anti Targeted Attack Platform
5.0
English

Contents

[Topic 193604_1]

Creating tasks

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To create a task:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. Click the Add button.

    The task creation wizard will start.

  3. In the Application drop-down list, select Kaspersky Endpoint Agent.
  4. In the Task type drop-down list, select the required task type and follow the wizard instructions.
  5. To change the default values of the task settings immediately after its creation, select the Open task details when creation is complete check box on the Finish task creation page.

    If you do not select this check box, the task will be created with the default settings. You can subsequently change these settings at any time for the following task types:

  6. Click Finish.

The task will be created and displayed in the list of tasks.

You can start the created task manually or configure a scheduled task start.

Page top

[Topic 195882]

Viewing the table of tasks

To view the list of tasks,

select DevicesTasks in the main Web Console window.

A list of tasks appears. The tasks are grouped by the names of the applications for which they are created.

Page top

[Topic 195909]

Deleting a task from the list

To remove tasks from the list of tasks on Kaspersky Security Center server:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.

    A list of tasks appears.

  2. In the list of tasks, select the check boxes next to the tasks that you want to delete.
  3. Click the Delete button.

    The action confirmation window opens.

  4. Click Yes.

The selected tasks will be deleted from the list.

Page top

[Topic 195910]

Configuring task schedule settings

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To configure the scheduled task start:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. To open the task settings window, click the task name.
  3. On the Schedule tab in the General section, change the toggle button from Schedule disabled to Run by schedule.
  4. In the Frequency drop-down list select one of the following options: At specified time, Every hour, Every day, Every week or On application launch.
  5. If you select the At specified time option, specify the day and time to start the task.
  6. If you select one of the following options: Every hour, Every day or Every week, configure the following settings:
    1. In the Every field, specify the task run frequency. For example, once a day or twice a week on Tuesdays and Thursdays.
    2. In the Start time and Start date fields, select the date and time from which the schedule applies.
  7. To configure advanced schedule settings, select the Advanced section and perform the following steps:
    1. If you want to set maximum timeout for the task execution, select the Quit task, running longer than check box and specify the number of hours and minutes after which the task will automatically terminate.
    2. If you want the task schedule to be valid until a certain date, select the Cancel schedule from check box and specify the expiration date for the schedule.
    3. If you want the application to start the tasks that were not completed on time as soon as possible, select the Run missed tasks check box.
    4. If you want to avoid simultaneous access of a large number of devices to the Administration Server as well as to run the task on workstations not precisely according to the schedule, but randomly within a certain time interval, select the Randomize the task start time within the interval check box and specify the start interval in minutes.
  8. Click the Save button.

Page top

[Topic 195973]

Starting tasks manually

The application starts tasks according to the schedule specified in the properties of each task. You can start the task manually at any time.

To start a task manually:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. In the list of tasks, select the check box next to the task that you want to start.
  3. Click Start.

The task will be started. You can check the task status in the Status column or by clicking the Result button.

Page top

[Topic 195912]

Creating Kaspersky Endpoint Agent activation tasks

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

You can activate Kaspersky Endpoint Agent using a license key from the Kaspersky Security Center key store. For detailed information on managing license keys using Kaspersky Security Center, refer to the Kaspersky Security Center Help.

To create Kaspersky Endpoint Agent activation task:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. Click the Add button.

    The task creation wizard will start.

  3. In the Application drop-down list, select Kaspersky Endpoint Agent.
  4. In the Task type drop-down list, select Application activation.
  5. In the Task name field, specify the display name of the task.
  6. To create a task for devices of a specific Administration Server group, perform the following actions:
    1. In the Selecting devices to which the task is assigned group of settings, select the Group of devices option and click Next.
    2. Select the desired Administration Server group and click Next.
  7. To create a task for specific devices using a range of IP addresses, NetBIOS names, DNS names, or to select devices from the list of devices detected in the network by the Administration Server, perform the following actions:
    1. In the Selecting devices to which the task is assigned group of settings, select the Selected or imported from the list option and click Next.
    2. Add devices to the list by the required criteria and click Next.
  8. To create a task for devices of a specific selection, perform the following actions:
    1. In the Selecting devices to which the task is assigned group of settings, select the Selection option and click Next.
    2. Select the desired selection from the list and click Next.
  9. In the Select a license key window, select the required license key from the list of Kaspersky Security Center keys available in the key storage.
  10. If you want to add this license key as an additional one to automatically renew the license, select the Use as additional key check box.
  11. Click Next.
  12. In the Selecting an account to run a task window, select the desired account and click Next.
  13. To change the default values of the task settings immediately after its creation, select the Open task details when creation is complete check box on the Finish task creation page.
  14. Click Finish.

The task will be created and displayed in the list of tasks.

You can start the created task manually or configure a scheduled task start.

Page top

[Topic 200386]

Configuring Database and application module update task

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

Task creation is performed before, as an individual step.

If you selected the Open task details when creation is complete check box on the Finish task creation page during the task creation, proceed to step 4 of the following instruction.

To configure the Database and application module update task settings:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. To open the task settings window, click the task name.
  3. Select the Application settings tab.
  4. Select the Connection settings section.
  5. If you use Kaspersky Security Center, in the Update source group of settings, select one of the following options:
    • Kaspersky Security Center Administration Server.
    • Kaspersky update servers.
    • Custom HTTP or FTP servers or network folders.
  6. If you use Kaspersky Security Center Cloud Console, in the Update source group of settings, select one of the following options:
    • Distribution points. Devices with Network Agent installed are used as the update source.

      Detailed information on using the distribution points is available in the Kaspersky Security Center Cloud Console Help.

    • Kaspersky update servers. Kaspersky update servers are used as the update source.
  7. If required, select the Use Kaspersky update servers if specified servers are not available check box.

    Not available in Kaspersky Security Center Cloud Console.

  8. If you select Custom HTTP or FTP servers or network folders as database update source, do the following:

    Not available in Kaspersky Security Center Cloud Console.

    1. Click the Settings link to open the Custom update sources window.
    2. Add the update sources to the list by following these steps:
      1. Click the Add button.
      2. In the dialog box that opens, in the Web address field, enter the address of the update server (HTTP or FTP), or the path to the network folder or local folder containing the update files, and click OK.
      3. If you want to use the database update source, switch the toggle button next to its address to Enable.

        Follow the same steps to add each update source.

      4. Click OK.

        The Custom update sources window closes.

  9. Select the Update settings section.
  10. In the Update settings section, select the conditions for the application to check for the availability of application module updates:
    • Do not check for updates. Kaspersky Endpoint Agent will not check the availability of application module updates.
    • Only check for availability of critical software modules updates. Kaspersky Endpoint Agent will check the availability only for important application module updates.
    • Download and install critical software modules updates. Kaspersky Endpoint Agent will check the availability of application module updates and download and install critical application module updates.
  11. If you want the application to display a notification about all scheduled application modules updates available in the update source, select the Receive information about available scheduled application module updates check box.
  12. Click the Save button.

You can start the created task manually or configure a scheduled task start.

See also

Creating tasks

Viewing the table of tasks

Deleting a task from the list

Configuring task schedule settings

Starting tasks manually

Creating Kaspersky Endpoint Agent activation tasks

Managing Standard IOC Scan tasks

Configuring the Quarantine file task

Configuring the Delete file task

Configuring the Run process task

Configuring the Terminate process task
Page top
[Topic 199816]

Managing Standard IOC Scan tasks

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

Standard IOC Scan tasks are group or local tasks that are created and configured manually in Kaspersky Security Center or through the command line interface. IOC files prepared by the user are used to run the tasks.

Only the files with IOC rules can be specified for the IOC Scan task. Files with other types of rules are not supported for the IOC Scan task.

This section provides instructions on how to manage Standard IOC Scan tasks.

See also

Creating tasks

Viewing the table of tasks

Deleting a task from the list

Configuring task schedule settings

Starting tasks manually

Creating Kaspersky Endpoint Agent activation tasks

Configuring Database and application module update task

Configuring the Quarantine file task

Configuring the Delete file task

Configuring the Run process task

Configuring the Terminate process task

In this Help section

Requirements for IOC files

Supported IOC terms

Configuring Standard IOC Scan task

Viewing IOC Scan task execution results
Page top
[Topic 194312_1]

Requirements for IOC files

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

When creating IOC Scan tasks, consider the following requirements and limitations related to

IOC files
:

  • Kaspersky Endpoint Agent supports IOC files with the ioc and xml extensions. These files use open standard for IOC description – OpenIOC versions 1.0 and 1.1.
  • Only the files with IOC rules can be specified for the IOC Scan task. Files with other types of rules are not supported for the IOC Scan task.
  • If, when creating the IOC Scan task, you upload some IOC files that are not supported by Kaspersky Endpoint Agent then when the task starts, the application will use only supported IOC files.
  • If, when creating the IOC Scan task, none of the downloaded IOC files is supported by Kaspersky Endpoint Agent, the task can be started, but as a result of the task execution, no indicators of compromise will be detected.
  • Semantic errors and IOC terms and tags in IOC files that are not supported by the application do not cause the task execution errors. The application just does not detect matches in such sections of IOC files.
  • Identifiers of all IOC files
    that are used in the same IOC Scan task must be unique. The presence of IOC files with the same identifier can affect the correctness of the task execution results.
  • The size of a single IOC file must not exceed 3 MB. Using larger files results in the failure of IOC Scan tasks. In this case, the total size of all added files in the IOC collection can exceed 3 MB.
  • It is recommended to create one IOC file per each threat. This makes it easier to read the results of the IOC Scan task.

The table below shows the features and limitations of the OpenIOC standard supported by the application.

Features and limitations of the OpenIOC standard versions 1.0 and 1.1

Supported conditions

OpenIOC 1.0:

is

isnot (as an exclusion from the set)

contains

containsnot (as an exclusion from the set)

OpenIOC 1.1:

is

contains

starts-with

ends-with

matches

greater-than

less-than

Supported condition attributes

OpenIOC 1.1:

preserve-case

negate

Supported operators

AND

OR

Supported data types

date: date (applicable conditions: is, greater-than, less-than)

int: integer number (applicable conditions: is, greater-than, less-than)

string: string (applicable conditions: is, contains, matches, starts-with, ends-with)

duration: duration in seconds (applicable conditions: is, greater-than, less-than)

Data types interpretation details

The following data types are interpreted as string: Boolean string, restricted string, md5, IP, sha256, base64Binary.

The application supports interpretation of the Content parameter specified as intervals for the following data types: int and date:

OpenIOC 1.0:

Using the TO operator in the Content field:

<Content type="int">49600 TO 50700</Content>

<Content type="date">2009-04-28T10:00:00Z TO 2009-04-28T16:00:00Z</Content>

<Content type="int">[154192 TO 154192]</Content>

OpenIOC 1.1:

Using the greater-than and less-than conditions

Using the TO operator in the Content field

The application supports interpretation of the date and duration data types if the indicators are specified in the ISO 8601, Zulu time zone, UTC format.

Supported IOC terms

The full list of supported IOC terms is provided in a separate table.

See also

Supported IOC terms

Configuring Standard IOC Scan task

Viewing IOC Scan task execution results
Page top
[Topic 194662_1]

Supported IOC terms

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

The file that can be downloaded by the following link contains a table with a full list of supported IOC terms of the OpenIOC standard.

DOWNLOAD IOC_TERMS.XLSX FILE

Page top

[Topic 199237_1]

Configuring Standard IOC Scan task

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

Task creation is performed before, as an individual step.

If you selected the Open task details when creation is complete check box on the Finish task creation page during the task creation, proceed to step 4 of the following instruction.

Only the files with IOC rules can be specified for the IOC Scan task. Files with other types of rules are not supported for the IOC Scan task.

To configure the Standard IOC Scan task settings:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. To open the task settings window, click the task name.
  3. Select the Application settings tab.
  4. In the IOC scan settings section, configure the IOC collection by following these steps:
    1. In the IOC collection group of settings click the Redefine IOC files button.
    2. In the dialog that opens, click the Add IOC files button and specify the IOC files that you want to use for the task.

      You can select multiple IOC files for a single IOC Scan task.

    3. Click OK to close the dialog box.

      If, when creating the IOC Scan task, you upload some IOC files that are not supported by Kaspersky Endpoint Agent then when the task starts, the application will use only supported IOC files.

    4. To view the list of all IOC files that are included in the IOC collection, as well as to obtain information about each IOC file, do the following:
      1. Click the link with the names of all downloaded IOC files in the IOC files group of settings.

        The IOC contents window opens.

      2. To view detailed information about an individual IOC file, click the name of the required IOC file in the list of files on the IOC collection tab.

        In the window that opens, information about the selected IOC file will be displayed.

      3. To close the window with information about the selected IOC file, click OK or Cancel.
      4. To view information about all downloaded IOC files at once, open the IOC data tab.

        Information about each downloaded IOC file will be displayed in the workspace of the window.

      5. If you do not want to use a specific IOC file when the IOC Scan task is executed, on the IOC collection tab, switch the toggle button next to the IOC file name from Include to Exclude.
      6. Click OK to save the changes and close the IOC contents window.
    5. To export the created IOC collection, click the Export IOC collection button.

      In the window that opens, specify the name of the file and select the folder where you want to save it.

    6. Click the Save button.

      The application creates a ZIP file in the specified folder.

    7. In the Retrospective IOC scan group of settings configure the settings for
      Retrospective IOC scan mode
      :
      1. In the Retrospective IOC Scan group of settings enable the Perform Retrospective IOC Scan within the interval option.
      2. Specify the time interval.

        During the task execution, the application analyzes data collected during the specified time interval, including the boundaries of the specified interval (from 00:00 on the start date until 23:59 on the end date). The default interval starts at 00:00 on the day preceding the task creation day and ends at 23:59 on the day when the task was created.

        If during execution of the IOC Scan task with the Perform Retrospective IOC Scan within the interval option enabled the application does not find any data for the specified time interval to be analyzed, it does not inform about this. In this case, the application shows no indicators of compromise in the task completion report.

    8. In the Actions group of settings, configure the response actions on detecting the indicator of compromise:
      1. Select the Take response actions after an indicator of compromise is found check box.
      2. Select the Isolate device from the network check box to enable network isolation of the device on which indicator of compromise is detected by Kaspersky Endpoint Agent.
      3. Select the Quarantine and delete check box to quarantine the detected object and remove it from the device.
      4. Select the Run critical areas scan on the device check box so that Kaspersky Endpoint Agent sends a command to EPP application to scan critical areas on all the devices of the administration group on which indicators of compromise are detected.

      If the Quarantine and delete or Run critical areas scan option is enabled, Kaspersky Endpoint Agent may recognize the detected files as infected and delete them from the device in response.

    9. In the Protection of critical system files group of settings, select the Do not perform actions on critical system files check box if you want to protect critical system files from being quarantined or deleted when an indicator of compromise is detected.

      The option is available only if the Quarantine and delete option is selected in the Actions group of settings.

      If this option is selected and an object is a critical system file, the application does not perform any actions on this object. This information is logged in the task execution report.

  5. In the Advanced section, select data types (IOC documents) that you want to analyze during the task execution and configure the additional scan settings:
    1. In the Select data types (IOC documents) to analyze during IOC scanning group of settings, select the check boxes next to the required IOC documents.

      Depending on the loaded IOC files, some check boxes may be disabled.

      Kaspersky Endpoint Agent automatically selects data types (IOC documents) for the IOC Scan task in accordance to the contents of the downloaded IOC files. It is not recommended to unselect data types manually.

    2. If the Analyze file data (FileItem) check box is selected, click the Advanced (FileItem) link and in the FileItem document scan settings window that opens, select the scan areas on the protected device drives where to look for indicators of compromise.

      You can select one of the predefined areas, or specify the paths to the desired areas manually.

    3. Click OK to save the changes and close the FileItem document scan settings window.
    4. If the Analyze WEL data (EventLogItem) check box is selected, click the Advanced (EventLogItem) link and in the EventLogItem document scan settings window that opens, configure additional event analysis settings:
      • Scan only events that are logged within the specified period.

        If the check box is selected, only the events that were logged during the specified period will be taken into account during the task's execution.

      • Scan events that belong to the following channels.

        List of channels to be analyzed during the task's execution.

    5. Click OK to save the changes and close the FileItem document scan settings window.
  6. Click the Save button.

You can start the created task manually or configure a scheduled task start.

Page top

[Topic 199817]

Viewing IOC Scan task execution results

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To view the IOC Scan task execution results:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. To open the task settings window, click the task name.
  3. Select the Application settings tab.
  4. Select the IOC Scan results section.
  5. In the Device drop-down list, select the devices, for which you want to view the results of IOC Scan task.

    A summary table with the task execution results on the selected devices will be displayed.

    If compromise indicators are detected on devices, the Results column displays the compromise indicators detected link.

  6. If you want to view detailed information on the detected compromise indicators on a specific device, do the following:
    1. Click the compromise indicators detected link in the row with the name of the desired device.

      The IOC Scan results window opens that contains a list of all IOC files used in the task. If there is an object on the selected device that matches a certain compromise indicator, the Status column displays the Match value.

    2. Click the Match link in the row with the name of the desired IOC file.

      The IOC incident card window opens.

      The IOC incident card contains information about objects on the device that match the conditions of the processed IOC file, as well as the text of the matched branches or individual conditions from this IOC file.

      Viewing the IOC incident card is not available for IOC files for which no matches were detected on the device during scanning.

See also

Requirements for IOC files

Supported IOC terms

Configuring Standard IOC Scan task
Page top
[Topic 206803]

Configuring the Quarantine file task

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

If you suspect that an infected or probably infected file is on the computer, you can isolate it by moving it to quarantine.

Task creation is performed before, as an individual step.

If you selected the Open task details when creation is complete check box on the Finish task creation page during the task creation, proceed to step 4 of the following instruction.

To configure the Quarantine file task settings:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. To open the task settings window, click the task name.
  3. Select the Application settings tab.
  4. In the Specify the file to be Quarantined drop-down list, select one of the following values: Specify the file by full path or Specify the file by folder path and checksum.
  5. If you select the Specify the file by its full path option, specify the value in the File full path field.
  6. If you select the Specify the file by folder path and checksum option, configure the following settings:
    • In the Checksum type drop-down list, select one of the following values: MD5 or SHA256.
    • Specify the value in the File checksum field.
    • Specify the value in the File folder path field.
  7. In the Actions after quarantining file group of settings, select whether the file must be deleted from the protected device after quarantining.

    If the file is locked by another process, the file will only be deleted after the device has been rebooted.

  8. In the Protection of critical system files group of settings, select the Do not perform actions on critical system files check box if you want to exclude critical system files from the task scope.

    If this option is selected and an object is a critical system file, the application does not perform any actions on this object. This information is logged in the task execution report.

  9. Click the Save button.

You can start the created task manually or configure a scheduled task start.

If the file is locked by another process, the task will be displayed with the Completed status, but the file itself will only be quarantined after the device has been restarted. It is recommended to check whether the task was completed successfully after the device has been restarted.

The Quarantine file task may fail with the Access denied error if you try to quarantine an executable file that is currently running. To solve this problem, create the Terminate process task for this file and try to create a Quarantine file task again.

Page top

[Topic 195916]

Configuring the Delete file task

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

Task creation is performed before, as an individual step.

If you selected the Open task details when creation is complete check box on the Finish task creation page during the task creation, proceed to step 4 of the following instruction.

To configure the Delete file task settings:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. To open the task settings window, click the task name.
  3. Select the Application settings tab.
  4. In the File to delete list, click the Add button.
  5. The File to delete dialog box opens.
  6. In the Specify the file to delete drop-down list, select one of the following values: Specify the file by its full path or Specify the file by its folder path and checksum.
  7. If you select the Specify the file by its full path option, specify the value in the File full path field.
  8. If you select the Specify the file by folder path and checksum option, configure the following settings:
    • In the Checksum type drop-down list, select one of the following values: MD5 or SHA256.
    • Specify the value in the File checksum field.
    • Specify the value in the File folder path field.
    • Select the Including subfolders check box for the application to delete all occurrences of the object not only in the specified folder, but also in all its subfolders.
  9. Click OK to add the specified object to the File to be removed list.

    You can specify several objects for deletion in one Delete file task.

  10. In the Protection of critical system files group of settings, select the Do not perform actions on critical system files check box if you want to exclude critical system files from the task scope.

    If this option is selected and an object is a critical system file, the application does not perform any actions on this object. This information is logged in the task execution report.

  11. Click the Save button.

You can start the created task manually or configure a scheduled task start.

If the file is locked by another process, the task will be displayed with the Completed status, but the file itself will only be deleted after the device has been restarted. It is recommended to check whether the file was deleted successfully after the device has been restarted.

Deleting a file from a connected network drive is not supported.

Page top

[Topic 195917]

Configuring the Run process task

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

Using the Run process task, you can run the required application or command on the device.

Task creation is performed before, as an individual step.

If you selected the Open task details when creation is complete check box on the Finish task creation page during the task creation, proceed to step 4 of the following instruction.

To configure the Run process task settings:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. To open the task settings window, click the task name.
  3. Select the Application settings tab.
  4. To run the application using the command line (cmd.exe) or execute a command, type the required command in the Executable command field.
  5. If you want to run the application directly, do the following:
    1. Specify the path to the application executable file in the Working folder field.
    2. Specify the keys for running the application in the Arguments field.
  6. Click the Save button.

You can start the created task manually or configure a scheduled task start.

Page top

[Topic 195918]

Configuring the Terminate process task

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

If you believe that a process running on the device could threaten the security of the device or the corporate LAN, you can terminate the process.

Task creation is performed before, as an individual step.

If you selected the Open task details when creation is complete check box on the Finish task creation page during the task creation, proceed to step 4 of the following instruction.

To configure the Terminate process task settings:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. To open the task settings window, click the task name.
  3. Select the Application settings tab.
  4. In the File full path field specify the path to the file of the process that you want to terminate.
  5. In the Checksum type drop-down list, select one of the following values: Not specified, MD5 or SHA256.
  6. If you select MD5 or SHA256, specify the value in the Checksum field.
  7. If you want the application to consider the character case in the path to the process file, select the Path is case sensitive check box.
  8. In the Protection of critical system files group of settings, select the Do not perform actions on critical system files check box if you want to exclude critical system files from the task scope.

    If this option is selected and an object is a critical system file, the application does not perform any actions on this object. This information is logged in the task execution report.

  9. Click the Save button.

You can start the created task manually or configure a scheduled task start.

Page top

[Topic 195919]