Viewing the list of blocked network threat sources

In the properties of the application installed on SVMs with the Network Threat Protection component, you can view the list of network threat sources that were blocked as a result of this SVM.

To view a list of blocked network threat sources on SVMs:

1. In the Kaspersky Security Center Administration Console, open the SVM properties window:
   1. Select the administration group containing the KSC cluster that includes the relevant SVM.
   2. In the workspace, select the Devices tab.
   3. In the list, select the SVM and open the SVM properties window by double-clicking or by selecting Properties in the context menu.

   The Properties: <SVM name> window opens.

2. In the SVM properties window in the list on the left, select the Applications section.

   A list of applications that are installed on this SVM appears in the right part of the window.

3. Select Kaspersky Security for Virtualization 6.0 Agentless and open the application settings window by double-clicking or by selecting Properties in the context menu.

   The Kaspersky Security for Virtualization 6.0 Agentless settings window opens.

4. In the application settings window, in the list on the left, select the List of blocked network threat sources section.

The right part of the window displays a table containing a list of sources of network threats that were blocked as a result of this SVM, which is essentially a list of IP addresses whose traffic was blocked by Kaspersky Security when it detected a network attack or suspicious network activity.

The table displays the following information for each network threat source:

• IP address. IP address whose traffic was blocked by Kaspersky Security when it detected a network attack or suspicious network activity.
• VLAN ID. ID of the VLAN associated with the blocked traffic.
• Blocked at. Date and time when Kaspersky Security blocked traffic from the IP address.
• Blocked until. Date and time when traffic from the IP address will be automatically unblocked.

In the list of blocked network threat sources, you can do the following:

• Search blocked network threat sources based on values of the IP address column. By default the table displays information only about the last 100 blocked sources of network threats. If the table is not showing a network threat source whose information you want to view, you can use the search. To do so, you need to enter the IP address, beginning of the IP address, or subnet mask into the search string and click the Find button. As a result, the table displays no more than 100 blocked sources of network threats that match the search criteria.
• Sort the list by any column of the table. If the search query is not defined, the sorting is applied to the full list of blocked sources of network threats. If you performed a search, the sorting is applied to the list of the blocked sources of network threats that match the search criteria.
• Update the information by clicking the Refresh button.

When the block time defined in the application settings expires, the network threat source is automatically deleted from the list. If necessary, you can unblock traffic from selected IP addresses without waiting for their automatic deletion.

To unlock traffic from an IP address that was recognized as a network threat source,

Select one or multiple network threat sources in the list and click the Unblock button located in the lower part of the window.

Page top