Network Threat Protection

The Network Threat Protection component scans inbound network traffic for activity that is typical of network attacks. Upon detecting an attempted network attack that targets your computer, Kaspersky Endpoint Security blocks network activity from the attacking computer. Your screen then displays a warning stating that a network attack was attempted, and shows information about the attacking computer.

Network traffic from the attacking computer is blocked for one hour. You can edit the settings for blocking an attacking computer.

Descriptions of currently known types of network attacks and ways to fight them are provided in Kaspersky Endpoint Security databases. The list of network attacks that the Network Threat Protection component detects is updated during database and application module updates.

Network Threat Protection component settings

Parameter	Description
Add the attacking computer to the list of blocked computers for N minutes	If the check box is selected, the Network Threat Protection component adds the attacking computer to the blocked list. This means that Network Threat Protection blocks network activity from the attacking computer after the first network attack attempt for the specified amount of time. This block automatically protects the user's computer against possible future network attacks from the same address. You can change the amount of time for which the network activity of an attacking computer is blocked. The default value is 60 minutes.
Exclusions	The list contains IP addresses from which Network Threat Protection does not block network attacks. Kaspersky Endpoint Security does not log information on network attacks from the IP addresses that are in the list of exclusions.
MAC spoofing protection mode	A MAC Spoofing attack consists of changing the MAC address of a network device (network card). As a result, data sent to a device may be redirected to a port to which a hacker is connected. Kaspersky Endpoint Security lets you block MAC Spoofing attacks and receive notifications about the attacks.

Parameter

Description

Add the attacking computer to the list of blocked computers for N minutes

If the check box is selected, the Network Threat Protection component adds the attacking computer to the blocked list. This means that Network Threat Protection blocks network activity from the attacking computer after the first network attack attempt for the specified amount of time. This block automatically protects the user's computer against possible future network attacks from the same address. You can change the amount of time for which the network activity of an attacking computer is blocked. The default value is 60 minutes.

Exclusions

The list contains IP addresses from which Network Threat Protection does not block network attacks.

Kaspersky Endpoint Security does not log information on network attacks from the IP addresses that are in the list of exclusions.

MAC spoofing protection mode

A MAC Spoofing attack consists of changing the MAC address of a network device (network card). As a result, data sent to a device may be redirected to a port to which a hacker is connected. Kaspersky Endpoint Security lets you block MAC Spoofing attacks and receive notifications about the attacks.

See also: Managing the application via the local interface

Enabling and disabling Network Threat Protection

Editing the settings used in blocking an attacking computer

Configuring addresses of exclusions from blocking

Changing the mode of protection against MAC spoofing attacks

Page top