Kaspersky Anti Targeted Attack Platform

Manually sending files from Endpoint Agent hosts to be scanned by Sandbox

You can enable or disable the manual sending of files from hosts with the Endpoint Agent component to be scanned by the Sandbox component. If this functionality is enabled, users of hosts with the Endpoint Agent component can use Sandbox to scan any file that they consider unsafe.

This functionality is available if the Kaspersky Endpoint Security for Windows and/or Kaspersky Endpoint Security for Linux applications are being used as the Endpoint Agent component and integration with Kaspersky Anti Targeted Attack Platform is configured for these components.

Sending files for scanning involves the following steps:

  1. Enabling the manual sending of files from hosts with the Endpoint Agent component to be scanned by the Sandbox component in the Kaspersky Anti Targeted Attack Platform web interface.
  2. Sending files to be scanned by the Sandbox component in Kaspersky Endpoint Security for Windows and Kaspersky Endpoint Security for Linux.

Based on the results of the scan, Kaspersky Anti Targeted Attack Platform may record an alert in the alert database. Details of these alerts are displayed in the Alerts by attack vector widget.

In

and , you must enable the manual sending of files to be scanned by the Sandbox component on each Central Node server on which you want to use it. If the Central Node component is deployed as a cluster, you can enable the functionality on any server in the cluster.

If you use only KATA functionality (KATA license key), in the Kaspersky Anti Targeted Attack Platform web interface, the Endpoint Agents section displays a list of hosts from which files have been sent for scanning by the Sandbox component. You can view this list and information about the selected host.

Page top
[Topic 284031]

Enabling and disabling the manual sending of files from Endpoint Agent hosts to be scanned by Sandbox

To enable or disable the manual sending of files to be scanned by the Sandbox component:

  1. In the window of the application web interface, select the Settings section, Endpoint Agents subsection.
  2. Under Send files from hosts for analysis to Sandbox manually, do the following:
    • Set the Send files toggle switch to Enabled if you want to enable the manual sending of files to be scanned by the Sandbox component.

      This functionality is enabled by default.

    • Set the Send files toggle switch to Disabled if you want to disable the manual sending of files to be scanned by the Sandbox component.
  3. Click Apply.

The manual sending of files from Endpoint Agent hosts to be scanned by the Sandbox component is enabled or disabled.

Page top
[Topic 284035]