Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 00:00:06 - 00:03:13 To further improve security, it is necessary to not only respond to known threats, but also control suspicious actions that can potentially harm the computer. The adaptive anomaly control component serves this purpose in Kaspersky Endpoint Security Cloud. Adaptive Anomaly Control is designed to monitor atypical behavior and react in accordance with predefined rules. Anomaly control is based on a set of rules describing actions that may be potentially dangerous for a computer. When adaptive anomaly control is enabled, the administrator can activate rules on the list and configure the reaction to them. Inform is the default action when the rule is triggered. Kaspersky Endpoint Security will allow the action and log information about it when block action is active. If the rule is triggered, Kaspersky Endpoint Security will block the action that falls under this rule and add the respective record to the log with smart action rules. Work in training mode for a period determined by Kaspersky Specialists. When a rule is triggered in training mode, the activity will be allowed in the respective entry will be added to a special training mode rule triggering list. When training is finished, Kaspersky Endpoint Security starts blocking actions that fall under the rules. After the training period ends, the administrator needs to analyze the contents of the training mode rule triggering list and choose the behavior for anomaly control when each rule is triggered, block or allow. If a rule was not triggered during the training period, the activity that it describes is considered abnormal and will be blocked by default. Adaptive anomaly control is configured separately for each security profile. In the windows section, expand management settings and select Adaptive Anomaly Control. Anomaly control is disabled by default. To enable it, click the switch. Anomaly control rules are also deactivated by default. Activate each rule that you want to use, and select the action to be taken when it is triggered, click save. Now let's trigger a few rules. To do this, we will run files that perform the following actions. Start Microsoft PowerShell from an office application. Start Microsoft HTML application host from Windows Management Instrumentation. Start Microsoft PowerShell from Windows Management Instrumentation. Create a file named like a system file. Outside system folders. Since Anomaly Control operates in training mode, all these actions will be allowed and logged. To consult the list of triggered rules, go to quarantine and select the respective category. When you click a detected object on the list, a side pane opens where you can see additional information about the object and decide whether to confirm that this activity is abnormal and needs to be blocked, or add it to exclusions. If you confirm the detection anomaly, control will record it as potentially dangerous and will block it in future. If you add the activity to exclusions, it will be considered safe and anomaly control will not respond to it. Let's confirm all the triggered rules and wait for the training period to end two weeks. Since any active rules were triggered after the training period is over, anomaly control begins to function in accordance with the training results. Let's run the same files again. Adaptive Anomaly control now blocks the actions performed by each of these files.3413