Enabling untrusted hosts blocking

Expand all | Collapse all

To add network sessions showing any malicious or encryption activity to the List of blocked network sessions and block access to network file resources, at least one of the following tasks must be running in active mode:

• Real-Time File Protection
• Network Threat Protection

Configure the Real-Time File Protection task:

1. In the Application Console tree, expand the Real-Time Computer Protection node.
2. Select the Real-Time File Protection child node.
3. Click the Properties link in the results pane.

   The Task settings window appears.

4. In the Deep section, select the Block access to network shared resources for the sessions that show malicious activity check box if you want Kaspersky Embedded Systems Security for Windows to block network sessions on which malicious activity is detected while the Real-Time File Protection task is running.
5. If the task has not been started, open the Schedule tab:
   1. Select the Run by schedule check box.
   2. Select the At application launch frequency in the drop-down list.
6. In the Task settings window, click OK.

The newly configured settings are saved.

Configure the Network Threat Protection task:

1. In the Application Console tree, expand the Real-Time Computer Protection node.
2. Select the Network Threat Protection child node.
3. Click the Network Threat Protection link in the details pane of the Properties node.
4. The Task settings window appears.
5. Open the General tab.
6. In the Operating mode section select the Block connections when attack is detected processing mode.

   The check box enables or disables adding hosts showing activity typical of network attacks to the list of blocked hosts.

   If this mode is selected, Kaspersky Embedded Systems Security for Windows scans inbound network traffic for activity that is typical of network attacks, logs events about detected activity, and adds IP addresses of hosts showing activity typical of network attacks to the list of blocked hosts.

   You can view the list of blocked hosts in the Blocked Hosts storage.

   You can restore access to blocked hosts, and specify the number of days, hours, and minutes after which hosts regain access to network file resources after being blocked by configuring the Blocked Hosts storage settings.

   The mode is selected by default.

7. Select or clear the Don't stop traffic analysis when the task is not running check box.

   If this check box is selected, then even when the Network Threat Protection task is stopped, Kaspersky Embedded Systems Security for Windows scans inbound network traffic for activity that is typical of network attacks and blocks network activity from the attacking computer, depending on the selected task mode.

   If this check box is cleared, when the Network Threat Protection task is stopped, Kaspersky Embedded Systems Security for Windows doesn't scan inbound network traffic for activity that is typical of network attacks.

   By default, the check box is cleared.

8. If the task has not been started, open the Schedule tab:
   1. Select the Run by schedule check box.
   2. Select the At application launch frequency in the drop-down list.
9. In the Task settings window, click OK.

The newly configured settings are saved.

Page top