internetfoki.blogg.se - Target kaspersky anti virus

#Target kaspersky anti virus full#
#Target kaspersky anti virus windows#

Kaspersky Endpoint Security and Kaspersky Security for Windows Server send information about detected threats and threat processing results to Kaspersky Endpoint Agent.In this case, Kaspersky Endpoint Agent also sends information about threats detected by the EPP programs and results of threat processing by these programs to the Central Node server. Kaspersky Endpoint Agent can also integrate with Endpoint Protection Platform (hereinafter also referred to as "EPP") workstation protection programs: Kaspersky Endpoint Security and Kaspersky Security for Windows Server installed on the same computer as Kaspersky Endpoint Agent. Kaspersky Endpoint Agent sends information about the following events to the Central Node server: Information about events on the computer is sent to the Central Node server. Kaspersky Endpoint Agent is installed on individual Windows computers within the corporate IT infrastructure and continuously monitors processes, open network connections, and files being modified.The Sensor component can be used as a proxy server for outgoing connections from Kaspersky Endpoint Agent. Kaspersky Endpoint Detection and Response includes the following components: Principle of operation of Kaspersky Endpoint Detection and Response Information on Sandbox component alerts can be published in the local reputation database of Kaspersky Private Security Network. You can view the alert table in the Alerts section of the program web interface or by generating an alert report.Īlert information can also be published to a SIEM system that is used in your organization, as well as external systems. If any threats are detected, the Central Node server records relevant information in the alert database. The Sandbox component analyzes the behavior of objects in virtual operating systems to detect malicious activity and signs of targeted attacks on corporate IT infrastructure, and sends scan results to the Central Node server.The Central Node component scans files and objects using anti-virus databases, YARA rule databases created by Kaspersky Anti Targeted Attack users, and if necessary, sends files and objects to be scanned by the Sandbox component.

Sends objects and files to be scanned by the Central Node component.Ī Sensor component can also be a mail sensor, which is a server or virtual machine on which the Kaspersky application Kaspersky Secure Mail Gateway (KSMG) or Kaspersky Security for Linux Mail Server (KLMS) is installed.

Checks the reputation of files and URLs against the Kaspersky Security Network database (hereinafter also referred to as KSN) or Kaspersky Private Security Network (hereinafter also referred to as KPSN).

Scans Internet traffic for signs of intrusion into the corporate IT infrastructure using the Intrusion Detection System technology (hereinafter also referred to as IDS).

The Sensor component receives mirrored SPAN, ERSPAN, RSPAN traffic, objects metadata of HTTP, FTP, SMTP, and DNS protocols, HTTP and FTP traffic data, as well as HTTPS traffic (if the administrator has configured SSL certificate replacement on the proxy server), copies of email messages, and does the following with the gathered data:.

Kaspersky Anti Targeted Attack includes the following components:

Principle of operation of Kaspersky Anti Targeted Attack

#Target kaspersky anti virus full#

You can use the full functionality of the program (KATA and KEDR key) or partial functionality (only KATA key or only KEDR key).

Kaspersky Endpoint Detection and Response (hereinafter also referred to as "KEDR"), which provides protection for the local area network of the organization.

Kaspersky Anti Targeted Attack (hereinafter also referred to as "KATA"), which detects threats on the perimeter of the enterprise IT infrastructure.

Kaspersky Anti Targeted Attack Platform includes two functional blocks: