Enabling untrusted hosts blocking

To add hosts showing any malicious or encryption activity to the Blocked Hosts storage and block access to network file resources for those hosts, at least one of the following tasks must be running in active mode:

• Real-Time File Protection
• Network Threat Protection

Configure the Real-Time File Protection task:

1. In the Application Console tree, expand the Real-Time Computer Protection node.
2. Select the Real-Time File Protection child node.
3. Click the Properties link in the details pane.

   The Task settings window opens.

4. In the Integration with other components section, select the Block access to network shared resources for the hosts that show malicious activity check box if you want Kaspersky Embedded Systems Security to block hosts on which malicious activity is detected while the Real-Time File Protection task is running.
5. If the task has not been started, open the Schedule tab:
   1. Select the Run by schedule check box.
   2. Select the At application launch frequency in the drop-down list.
6. In the Task settings window, click OK.

The newly configured settings are saved.

Configure the Network Threat Protection task:

1. In the Application Console tree, expand the Real-time computer protection node.
2. Select the Network Threat Protection child node.
3. Click the Properties link in the details pane of the Network Threat Protection node.
4. The Task settings window opens.
5. Open the General tab.
6. In the Processing mode section select the Block connections when attack is detected processing mode.

   The check box enables or disables adding hosts showing activity typical of network attacks to the list of blocked hosts.

   If this mode is selected, Kaspersky Embedded Systems Security scans inbound network traffic for activity that is typical of network attacks, logs events about detected activity, and adds IP addresses of hosts showing activity typical of network attacks to the list of blocked hosts.

   The mode is selected by default.

   You can view the list of blocked hosts in the Blocked Hosts storage.

   You can restore access to blocked hosts, and specify the number of days, hours and minutes after which hosts regain access to network file resources after being blocked by configuring the Blocked Hosts storage settings.

7. Select or clear the Don't stop traffic analysis when the task is not running check box.

   If this check box is selected, when Network Threat Protection task is stopped, Kaspersky Embedded Systems Security scans inbound network traffic for activity that is typical of network attacks and blocks network activity from the attacking computer depending on the selected processing mode.

   If this check box is cleared, when Network Threat Protection task is stopped, Kaspersky Embedded Systems Security doesn't scan inbound network traffic for activity that is typical of network attacks and doesn't block network activity from the attacking computer.

   The check box is cleared by default.

8. If the task has not been started, open the Schedule tab:
   1. Select the Run by schedule check box.
   2. Select the At application launch frequency in the drop-down list.
9. In the Task settings window, click OK.

The newly configured settings are saved.

Page top