General task settings

Expand all | Collapse all

To configure the general settings of the Network Threat Protection task using the Web Console:

In the main window of the Kaspersky Security Center Web Console, select Devices → Policies & profiles.
Click the policy name you want to configure.
In the <Policy name> window that opens, select the Application settings tab.
Select the Real-time computer protection section.
In the Network Threat Protection block, click the Settings button.
The Network Threat Protection window opens.
Select the General tab.
In the Operating mode section select the processing mode:
- Pass-through.
  If this mode is selected, Kaspersky Embedded Systems Security for Windows scans inbound network traffic for activity that is typical of network attacks, but doesn't log events about detected activity and doesn't block network activity from the attacking computer.
  
  For example, you can use this mode in case of a decrease in the protected device's performance.
- Only inform about network attacks.
  If this mode is selected, Kaspersky Embedded Systems Security for Windows scans inbound network traffic for activity that is typical of network attacks, logs events about detected activity, but doesn't block network activity from the attacking computer.
- Block connections when attack is detected.
  The check box enables or disables adding hosts showing activity typical of network attacks to the list of blocked hosts.
  
  If this mode is selected, Kaspersky Embedded Systems Security for Windows scans inbound network traffic for activity that is typical of network attacks, logs events about detected activity, and adds IP addresses of hosts showing activity typical of network attacks to the list of blocked hosts.
  
  You can view the list of blocked hosts in the Blocked Hosts storage.
  
  You can restore access to blocked hosts, and specify the number of days, hours, and minutes after which hosts regain access to network file resources after being blocked by configuring the Blocked Hosts storage settings.
  
  The mode is selected by default.
In the MAC spoofing protection block, select or clear the Enable protection against MAC spoofing attacks check box.
A MAC address spoofing attack consists of changing the MAC address of a network device (network card). As a result, an attacker could redirect data sent to a device to another device and gain access to this data.

If the check box is selected and the Network Threat Protection task mode is different from Pass-through, Kaspersky Embedded Systems Security for Windows scans incoming network traffic for actions that are typical of MAC address spoofing attacks and performs actions in accordance with the selected task mode for the Network Threat Protection task.

If the check box is cleared or the Pass-through task mode is selected, Kaspersky Embedded Systems Security for Windows does not scan incoming network traffic for actions typical of MAC address spoofing attacks.

By default, the check box is cleared.
Select or clear the Don't stop traffic analysis when the task is not running check box.
If this check box is selected, then even when the Network Threat Protection task is stopped, Kaspersky Embedded Systems Security for Windows scans inbound network traffic for activity that is typical of network attacks and blocks network activity from the attacking computer, depending on the selected task mode.

If this check box is cleared, when the Network Threat Protection task is stopped, Kaspersky Embedded Systems Security for Windows doesn't scan inbound network traffic for activity that is typical of network attacks.

By default, the check box is cleared.
Click the OK button.

Page top