Open the Administration Console of Kaspersky Security Center.
In the console tree, perform one of the following actions:
If you want to configure the operating settings of SVMs of one KSC cluster, in the Managed devices folder of the console tree select the administration group containing the KSC cluster.
If you want to configure the operating settings of SVMs of all KSC clusters, select the Managed devices folder.
In the workspace, select the Policies tab.
Select a policy in the list of policies and double-click the policy to open the Properties: <Policy name> window.
In the policy properties window, select the Intrusion Prevention section.
The action that Kaspersky Security performs when it detects a network attack on a protected virtual machine. You can select one of the following options:
Choose action automatically. Kaspersky Security performs the default action specified by Kaspersky Lab specialists. If network protection is deployed in standard mode, the Terminate connection and block traffic from sender's IP address action is automatically selected. If network protection is deployed in monitoring mode, the Ignore action is automatically selected.
This option is selected by default.
Ignore. Kaspersky Security does not perform any actions to prevent the network attack.
Terminate connection. Kaspersky Security terminates the connection between the protected virtual machine and the IP address from which the network attack originated.
Terminate connection and block traffic from sender's IP address. Kaspersky Security terminates the connection between the protected virtual machine and the IP address from which the network attack originated, and also blocks traffic from this IP address. Traffic is blocked in the specific VLAN in which the attempted network attack was detected. The duration for blocking the traffic is configured in the On detection of a network attack or suspicious network activity, block traffic from IP address for N minutes field.
Information about detected network attacks and the actions taken is sent to Kaspersky Security Center.
You can select an action if the Detect network attacks check box is selected.
If network protection is deployed in monitoring mode, the Ignore action is applied when a network attack is detected, regardless of the selected action.
The duration for blocking traffic from the IP address from which the network attack or suspicious network activity originated. When determining the source of a network attack or suspicious network activity, the application takes into account whether or not the traffic is from a virtual LAN (VLAN). Kaspersky Security blocks traffic from an IP address only in the VLAN in which a network attack or suspicious network activity was detected.
The default blocking duration is 60 minutes.
If necessary, configure network threat protection exclusion rules that Kaspersky Security will use to exclude traffic of specific IP addresses from scans or apply special actions when processing such traffic.
In the Properties: <Policy name> window, click OK.
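The action and blocking rules described in this procedure, modelled as an added Python example for checking what a given policy selection will do. This is not Kaspersky code: the constant and function names, the sample VLAN IDs and address, and the exact expiry handling are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical names for the four options listed in the policy.
AUTO = "choose_automatically"
IGNORE = "ignore"
TERMINATE = "terminate_connection"
TERMINATE_AND_BLOCK = "terminate_and_block_sender"


def effective_action(selected: str, monitoring_mode: bool) -> str:
    """Return the action applied on detection, per the rules in the text."""
    if monitoring_mode:
        # Monitoring mode: Ignore is applied regardless of the selection.
        return IGNORE
    if selected == AUTO:
        # Standard mode: the automatic choice is terminate and block.
        return TERMINATE_AND_BLOCK
    return selected


@dataclass
class BlockTable:
    """Blocks keyed by (VLAN, source IP); a block never spans VLANs."""
    block_minutes: int = 60  # default blocking duration from the text
    _expiry: dict = field(default_factory=dict)

    def on_attack(self, vlan: int, src_ip: str, action: str, now: float) -> None:
        if action == TERMINATE_AND_BLOCK:
            # Assumption: the block runs for block_minutes from detection.
            self._expiry[(vlan, src_ip)] = now + self.block_minutes * 60

    def is_blocked(self, vlan: int, src_ip: str, now: float) -> bool:
        expiry = self._expiry.get((vlan, src_ip))
        return expiry is not None and now < expiry


def demo() -> dict:
    # Constructed sample: documentation-range address, made-up VLAN IDs.
    ip, table = "198.51.100.7", BlockTable()
    table.on_attack(10, ip, effective_action(AUTO, monitoring_mode=False), now=0)
    return {
        "same_vlan_at_59_min": table.is_blocked(10, ip, now=59 * 60),
        "other_vlan": table.is_blocked(20, ip, now=60),
        "same_vlan_at_60_min": table.is_blocked(10, ip, now=60 * 60),
        "monitoring_override": effective_action(TERMINATE_AND_BLOCK, True),
    }


if __name__ == "__main__":
    print(demo())
```

The model makes two operational points visible: a sender blocked in one VLAN can still reach protected machines in another, and a policy that selects a blocking action has no preventive effect while network protection is deployed in monitoring mode.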