Network Threat Protection

While the Network Threat Protection task is running, Kaspersky Endpoint Security scans inbound network traffic for activity that is typical of network attacks. The application scans inbound traffic only for 80, 139, 445, and 8080 TCP ports.

Upon detecting an attempted network attack that targets your computer, the application blocks network activity from the attacking computer and logs a respective event.

Kaspersky Endpoint Security blocks network traffic from the attacking computer for one hour. You can edit the settings for blocking an attacking computer.

Network Threat Protection task is started by default on Kaspersky Endpoint Security start.

Network Threat Protection settings

Setting	Description
Network Threat Protection enabled / disabled	This toggle button enables or disables Network Threat Protection. The check toggle button is switched on by default.
Blocking attacking devices enabled / disabled	This toggle button enables or disables blocking network activity when a network attack attempt is detected. The toggle button is switched on by default.
Block the attacking host for (min)	This field lets you specify the time to block an attacking host (in minutes). After the specified time reached, Kaspersky Endpoint Security allows network activity from the host. Available values: integer from `1` to `32768`. Default value: `60`.
Exclusions	A table that contains a list of IP addresses from which network attacks will not be blocked. By default, the list is empty. You can add, edit, or delete IP addresses in the table Clicking the Delete button removes the selected item from the table. This button is available if at least one item is selected in the table. Clicking the item name opens the window, where you can modify parameters for the selected item. Clicking the Add button opens the window, where you can specify parameters for a new item.

Page top