How to check Adaptive Anomaly Control (AAC) [KES for Windows]
To check Block action:
Set the Block action for all rules in the group Activity of script engines and frameworks.
Extract the files from the archive and start the scripts. All scripts should be blocked, and a pop-up notification about the block should be shown.
New records about the blocks will appear in the local report, in the events, and in the AAC report in the KSC console.
To check Smart action:
The host where KES is installed must have the policy applied. Specify Smart mode for all rules in the group Activity of script engines and frameworks.
Extract the files from the archive and start any script. Open KSC → Advanced → Repositories → Triggering of rules in Smart Training State and check that a new record is shown there. There will be no information about this detection in the local report, in KSC reports, or in the events.
After two weeks, if there are no new detections for this rule, the rule will automatically change to Smart Blocking mode. If the rule is triggered again, the learning period will be extended.