Network Threat Protection
Kaspersky Endpoint Security protects your computer against network attacks.
A network attack is an attempt to break into the operating system of a remote computer. Criminals attempt network attacks to establish control over the operating system, cause denial of service in the operating system, or access sensitive information. To achieve these goals, criminals either carry out direct attacks, such as port scanning and brute force attacks, or use malware installed on the computer being attacked.
Network attacks can be divided into the following types:
- Port scanning. This type of network attack is usually performed to prepare for a more dangerous network attack. An intruder scans UDP/TCP ports that use network services on the target computer and determines the target computers' vulnerability to other, more dangerous types of network attacks. Port scanning also allows the intruder to determine the operating system on the target computer and select appropriate network attacks for that operating system.
- DoS attacks or network attacks causing a denial of service. Such network attacks cause the target operating system to become unstable or completely inoperable.
The main types of DoS attacks are:
- Transmission of specially designed network packets that are not expected by the target computer, thus causing the target operating system to malfunction or crash.
- Sending a large number of network packets to a remote computer over a short period. All the target computer's resources are used to process the network packets sent by the intruder. As a result, the computer stops performing its functions.
- Network intrusion attacks. Such network attacks are designed to "hijack" the target computer's operating system. This is the most dangerous type of network attack, because if the attack is successful, then the intruder gains total control over the operating system.
This type of network attack is used when the intruder wants to obtain confidential data (such as bank card numbers or passwords) from a remote computer or secretly use the remote computer for his or her own purposes (such as attacking other computers from this computer).
Enable/disable Network Threat Protection
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the Network Threat Protection section, select/deselect the Enable Network Threat Protection checkbox.
You can also enable Network Threat Protection in Protection Center. Disabling computer protection or disabling protection components puts your computer at much higher risk of infection. This is why Protection Center informs you when protection is disabled.
Important: If you disable Network Threat Protection, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again or after the operating system restarts. You have to re-enable Network Threat Protection manually.
When the application detects dangerous network activity, Kaspersky Endpoint Security automatically adds the IP address of the attacking computer to the list of blocked computers, unless the attacking computer is in the list of trusted computers.
Edit the list of blocked computers
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the Network Threat Protection section, select the Enable Network Threat Protection checkbox.
- Click Preferences.
A window with a list of trusted computers and a list of blocked computers opens.
- Open the Blocked computers tab.
- If you are sure that the blocked computer is not a threat, select the IP address of the computer in the list and click Unblock.
A confirmation dialog opens.
- In the confirmation dialog, select one of the following:
- Click Save.
You can create and edit the list of trusted computers. Kaspersky Endpoint Security doesn't block the IP addresses of these computers automatically even after dangerous network activity is detected from them.
Edit the list of trusted computers
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the Network Threat Protection section, select the Enable Network Threat Protection checkbox.
- Click Preferences.
A window with a list of trusted computers and a list of blocked computers opens.
- Open the Trusted computers tab.
- Edit the list of trusted computers:
- To add an IP address to the list of trusted computers:
- Click .
- In the field that appears, enter the IP address of the computer that you trust to be safe.
- To remove an IP address from the list of trusted computers:
- Select an IP address in the list.
- Click .
- To edit an IP address in the list of trusted computers:
- Select an IP address in the list.
- Click Edit.
- Change the IP address.
- Click Save.
When a network attack is detected, Kaspersky Endpoint Security logs information about the attack in a report.
Note: If the Network Threat Protection component stops running with an error, you can view the report and try to restart the component. If the problem is not solved, you can contact Kaspersky Technical Support.
View the Network Threat Protection report
- In the menu bar, choose Protection > Reports.
The Reports window opens.
- Open the Network Threat Protection tab.
Page top