If the Network Threat Protection component is enabled, Kaspersky Endpoint Security automatically blocks network threats. Additionally, the application can block the attacking computer and restrict the sending of network packets for a certain length of time. By default, Kaspersky Endpoint Security blocks the computer for one hour.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Essential Threat Protection → Network Threat Protection.
Under Network Threat Protection settings, select the Block attacking devices forNmin check box.
If the option is enabled, the Network Threat Protection component adds the attacking computer to the blocked list. This means that the Network Threat Protection component blocks the network connection with the attacking computer after the first network attack attempt for the specified amount of time. This block automatically protects the user's computer against possible future network attacks from the same address. The minimum time an attacking computer must spend in the block list is one minute. The maximum time is 999 minutes.
Set a different blocking duration for an attacking computer in the field to the right of the Block attacking devices forNmin check box.
In the main window of the Web Console, select Devices → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Essential Threat Protection → Network Threat Protection.
Under Network Threat Protection settings, select the Block attacking devices forNmin check box.
If the option is enabled, the Network Threat Protection component adds the attacking computer to the blocked list. This means that the Network Threat Protection component blocks the network connection with the attacking computer after the first network attack attempt for the specified amount of time. This block automatically protects the user's computer against possible future network attacks from the same address. The minimum time an attacking computer must spend in the block list is one minute. The maximum time is 999 minutes.
Set a different blocking duration for an attacking computer in the field below the Block attacking devices forNmin check box.
In the application settings window, select Essential Threat Protection → Network Threat Protection.
Network Threat Protection settings
Turn on the Block attacking devices forNmin toggle.
If the option is enabled, the Network Threat Protection component adds the attacking computer to the blocked list. This means that the Network Threat Protection component blocks the network connection with the attacking computer after the first network attack attempt for the specified amount of time. This block automatically protects the user's computer against possible future network attacks from the same address. The minimum time an attacking computer must spend in the block list is one minute. The maximum time is 999 minutes.
Set a different blocking duration for an attacking computer in the field below the Block attacking devices forNmin toggle switch.
Save your changes.
As a result, when Kaspersky Endpoint Security detects an attempted network attack launched against the user's computer, it will block all connections with the attacking computer. Kaspersky Endpoint Security creates the Network attack detected event. The event contains information about the attacking computer: IP and MAC addresses.
You can view the MAC address of the attacking computer only in the user interface of the application or in the Kaspersky Security Center Linux console. The MAC address of the attacking computer is not available in the Kaspersky Security Center Windows console.
Notification about network attack detection
Kaspersky Endpoint Security unblocks the computer when the specified time runs out. The Kaspersky Security Center console does not provide tools for monitoring blocked computers other than Network attack detected events in the report. You can only view a list of blocked computers in the interface of the application. This functionality is provided by the Network Monitor tool. You can also use the Network Monitor tool to unblock a computer.
To unblock a computer:
In the main application window, in the Monitoring section, click the Network Monitor tile.
Select the Blocked computers tab.
This opens a list of blocked computer (see figure below).
Kaspersky Endpoint Security clears the block list when the application is restarted and when the Network Threat Protection settings are changed.
Select the computer that you want to unblock and click Unblock.