The Endpoint Sensors component is installed on separate computers (hereinafter referred to as “hosts”) that belong to the corporate IT infrastructure and run a Microsoft Windows operating system. Continuously monitors processes running on those computers, active network connections, and files that are modified.
Users with Senior security officer, Security officer, Local administrator, and Administrator roles can assess how regularly data is received from hosts on which the Endpoint Sensors component is installed, on the Endpoint Sensors tab of the program web interface window for organizations whose data the user is allowed to access. If you are using distributed solution and multitenancy mode, the web interface of the PCN server displays the list of Endpoint Sensors components for the PCN and all connected SCNs.
Users with the Local administrator and Administrator roles can configure the display of how regularly data is received from hosts with the Endpoint Sensors component installed, for organizations whose data they are allowed to access.
If suspicious network activity is detected, users with the Senior security officer role can isolate any host with the Endpoint Sensors component from the network, for organizations whose data the user is allowed to access. In this case, the connection between the server with the Central Node component and a host with the Endpoint Sensors component will not be interrupted.
For support in case of faulty operation of the Endpoint Sensors component, Technical Support experts may ask you to perform the following actions for debugging purposes (including in Technical Support Mode):
Technical Support experts will provide all the information needed to perform these operations (description of the sequence of steps, settings to be modified, configuration files, scripts, additional command line functionality, debugging modules, special-purpose utilities, etc.) and inform you about the scope of data gathered for debugging purposes. The extended diagnostic information that is gathered is saved on the user's computer. The collected data is not automatically sent to Kaspersky Lab.
The operations listed above should be performed only when instructed by and under the supervision of Technical Support experts. Unsupervised changes to program settings performed in ways other than those described in the Administrator's Guide or according to the instructions of Technical Support experts can slow down or crash the operating system, reduce computer security, or compromise the availability and integrity of data being processed.