Viewing information about a host

To view information about a Kaspersky Endpoint Agent host:

1. Select the Endpoint Agents section in the window of the program web interface.
2. Select the host for which you want to view information.

This opens a window containing information about the host.

The window contains the following information:

• Recommendations group:
  • Clicking the Alerts link opens the Alerts section with the search condition containing the selected host.
  • Clicking the Events link opens the Threat Hunting section with the search condition containing the selected host.
  • Clicking the Events affected by prevention rules link opens the Threat Hunting section with the search condition containing the selected host and the Blocked application (prevention rule) event type.

  The Events affected by prevention rules link is not displayed in the information for hosts with Kaspersky Endpoint Agent for Linux.

• On the Details tab, the Host section displays the following information:
  • Name—Name of the host with Kaspersky Endpoint Agent.
  • IP—IP address of the host where Kaspersky Endpoint Agent is installed.
  • OS—Version of the operating system on the host with the Kaspersky Endpoint Agent program installed.
• On the Details tab, the Endpoint Agent section displays the following information:
  • Version—Version of Kaspersky Endpoint Agent installed.
• Activity—Activity indicator of Kaspersky Endpoint Agent. Possible values:
  • Normal activity for hosts from which latest data was recently received.
  • Warning for hosts from which latest data was received a long time ago.
  • Critical inactivity for hosts from which latest data was received an extremely long time ago.
• Server—Name of the SCN or PCN server. Only displayed in
  distributed solution

  

  Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

  and
  multitenancy mode

  

  Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

  .
• Connected to server—Name of the Central Node server.
• Last connection—time of the last connection to the Central Node, SCN, or PCN server.
• License key status—For example, "OK".
• On the Prevention rules tab, you can see MD5 or SHA256 hashes for files that were prevented from running or opening on the host. The following information is displayed:
  • Name—Name of the file.
  • State—State of the prevention rule.
  • Hash—Hashing algorithm.

  The Prevention rules tab is not displayed in the information for hosts with Kaspersky Endpoint Agent for Linux.

• On the Tasks tab, you can see which tasks were run on the host. The following information is displayed:
  • Time created—Task creation date and time.
  • Name—Task name.
  • Details—Full path to the file or data stream for which the task was created.
  • State—Task completion status.

Clicking the link with the host name opens a list in which you can select one of the following actions:

• Run the following tasks:
  • Kill process.
  • Delete file.
  • Get file.
  • Get forensics.
  • Quarantine file.
  • Run program.
• New prevention rule.
• Isolate from network.
• Find events.
• Find alerts.
• Copy value to clipboard.

  For hosts with Kaspersky Endpoint Agent for Linux, the list displayed by clicking the link with the host name includes only Get file, Run program, Find events, and Find alerts.

Clicking the link with the IP opens a list in which you can select one of the following actions:

• Find alerts.
• Copy value to clipboard.