This drop-down list contains the actions that Kaspersky Security can perform when it detects a network attack on a protected virtual machine, if network protection is deployed in standard mode. You can select one of the following options:
Ignore. Kaspersky Security does not perform any actions to prevent the network attack.
Terminate connection. Kaspersky Security terminates the connection between the protected virtual machine and the IP address from which the network attack originated.
Terminate connection and block traffic from sender's IP address. Kaspersky Security terminates the connection between the protected virtual machine and the IP address from which the network attack originated, and also blocks traffic from this IP address. Traffic is blocked in the specific VLAN in which the attempted network attack was detected. The duration for blocking traffic is configured in the On threat detection, block traffic for N minutes field.
This action is selected by default.
Information about detected network attacks and the actions taken is sent to Kaspersky Security Center.
You can select an action if the Detect network attacks check box is selected.
If network protection is deployed in monitoring mode, when Kaspersky Security detects a network attack it performs the Ignore action.
The duration for blocking the traffic from IP address from which the network attack or suspicious network activity originated. When determining the source of a network attack or suspicious network activity, the application takes into account whether or not the traffic is from a virtual LAN (VLAN). Kaspersky Security blocks traffic from an IP address only in the VLAN in which a network attack or suspicious network activity was detected.
The default blocking duration is 60 minutes.
If necessary, configure network threat protection exclusion rules that Kaspersky Security will use to exclude traffic of specific IP addresses from scans or apply special actions when processing such traffic.
In the Properties: <Policy name> window, click OK.