While protecting a device against network threats and remote malicious encryption, Kaspersky Endpoint Security can block remote devices whose actions are considered to be malicious:
You can change the blocking duration in the Network Threat Protection and Protection Against Remote Malicious Encryption settings. Once the specified period of time has elapsed, the application unblocks the device.
If you are managing the application using the command line, you can use the commands for managing blocked devices to view a list of devices that are blocked as a result of the application running on the device and manually unblock these devices before the blocking time expires. Kaspersky Security Center does not provide tools for monitoring and managing blocked devices, except for the Network attack detected and Encryption detected events.
To view the list of blocked devices, execute the following command:
kesl-control --get-blocked-hosts
As a result of the command execution, the application outputs the list of blocked devices to the console.
To unblock devices, execute the following command:
kesl-control --allow-hosts <address>
where <address> is one or more IP addresses of the devices or subnets (IPv4/IPv6, including addresses in short form). You can specify multiple IP addresses of devices or subnets by separating them with a space.
As a result of the command execution, the application unblocks the specified devices.
Examples: IPv4 addresses:
IPv6 addresses:
|