Network Threat Protection task (Network_Threat_Protection, ID:17)

While the Network Threat Protection task is running, the application scans inbound network traffic for activity that is typical of network attacks. The application receives the TCP port numbers from the current application databases and scans incoming traffic on these ports.

To scan network traffic, the Network Threat Protection task receives port numbers from the application databases and accepts connections on all of these ports. As a result, a network scan may show such a port as open on the device even if no application on the system is listening on it. It is recommended to close unused ports by means of a firewall.

Upon detecting an attempted network attack that targets your computer, the application blocks network activity from the attacking computer and logs a corresponding event. The application blocks network traffic from the attacking computer for one hour. You can change the block duration in the task settings.

The table describes all available values and the default values of all the settings that you can specify for the Network Threat Protection task.

Network Threat Protection task settings

| Setting | Description | Values |
|---|---|---|
| BlockAttackingHosts | Enables or disables blocking of network activity from attacking computers. | Yes (default value) — Block network activity from attacking computers. No — Allow network activity from attacking computers. |
| BlockDurationMinutes | Specifies how long attacking computers will be blocked (in minutes). | 1–32768. The default value is 60. |
| UseExcludeIPs | Enables or disables the usage of a list of IP addresses whose network activity will not be blocked when a network attack is detected. The application will only log information about dangerous activity from these computers. You can add IP addresses to the exclusion list by using the ExcludeIPs.item_# parameter. By default, the list is empty. | Yes — Use the list of excluded IP addresses. No (default value) — Do not use the list of excluded IP addresses. |
| ExcludeIPs.item_# | Specifies an IP address whose network activity will not be blocked by the application. | d.d.d.d — IPv4 address, where d is a decimal number from 0 to 255. d.d.d.d/p — Subnet of IPv4 addresses, where p is a number from 0 to 32. x:x:x:x:x:x:x:x — IPv6 address, where x is a hexadecimal number from 0 to ffff. x:x:x:x::0/p — Subnet of IPv6 addresses, where p is a number from 0 to 64. The default value is not defined. |
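The following is an added example, not part of the product or its documentation: a small Python linter that checks a set of these task settings against the value ranges in the table (reading the BlockDurationMinutes range as 1 to 32768) and flags exclusions broad enough to exempt most attackers from blocking. The "Name=Value" input layout, the item_0 style numbering and the breadth thresholds are assumptions made for this example.

```python
import ipaddress

# Constructed sample in an assumed "Name=Value" layout (not a product file format).
SAMPLE = """\
BlockAttackingHosts=Yes
BlockDurationMinutes=0
UseExcludeIPs=Yes
ExcludeIPs.item_0=192.0.2.10
ExcludeIPs.item_1=10.0.0.0/4
ExcludeIPs.item_2=2001:db8::0/96
ExcludeIPs.item_3=0.0.0.0/0
"""

def lint_settings(text, min_v4_prefix=16, min_v6_prefix=32):
    """Return findings; the min_*_prefix breadth thresholds are assumptions."""
    findings, cfg, excludes = [], {}, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        if key.startswith("ExcludeIPs.item_"):
            excludes.append((key, value))
        else:
            cfg[key] = value
    for flag in ("BlockAttackingHosts", "UseExcludeIPs"):
        if cfg.get(flag, "Yes") not in ("Yes", "No"):
            findings.append(f"{flag}: value must be Yes or No")
    if cfg.get("BlockAttackingHosts") == "No":
        findings.append("BlockAttackingHosts: attacking hosts are not blocked")
    dur = cfg.get("BlockDurationMinutes", "60")  # documented default
    if not (dur.isascii() and dur.isdigit() and 1 <= int(dur) <= 32768):
        findings.append("BlockDurationMinutes: outside 1-32768")
    use = cfg.get("UseExcludeIPs", "No") == "Yes"
    if use and not excludes:
        findings.append("UseExcludeIPs: enabled but the exclusion list is empty")
    if excludes and not use:
        findings.append("ExcludeIPs: entries are ignored while UseExcludeIPs is No")
    for key, value in excludes:
        addr, slash, prefix = value.partition("/")
        try:
            if slash and not (prefix.isascii() and prefix.isdigit()):
                raise ValueError("prefix must be a number")
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"{key}: not a valid address or subnet")
            continue
        if slash and net.version == 6 and net.prefixlen > 64:
            findings.append(f"{key}: IPv6 prefix above the documented 0-64")
        limit = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < limit:
            findings.append(f"{key}: /{net.prefixlen} exempts a very large range")
    return findings
```

Calling `lint_settings(SAMPLE)` reports the zero block duration, the two overly broad IPv4 exclusions and the IPv6 prefix that exceeds the documented range.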
