Enabling hosts blocking

To add hosts showing any malicious or encrypting activity to the Blocked Host Storage storage and block access to network file resources for those hosts, at least one of the following tasks must run in the active mode:

• Real-Time File Protection
• Network Threat Protection
• Anti-Cryptor
• Anti-Cryptor for NetApp

Configure the Real-Time File Protection task:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure the task.
3. Select the Policies tab.
4. Double-click the policy name you want to configure.
5. In the Properties: <Policy name> window that opens, select the Real-time server protection section.
6. Click the Settings button in the Real-Time File Protection subsection.

   The Real-time file protection window opens.

7. In the Integration with other components section, select the Block access to network shared resources for the hosts that show malicious activity check box if you want Kaspersky Security for Windows Server to block access to network file resources for hosts on which malicious activity is detected while the Real-Time File Protection task is running.
8. If the task has not been started, open the Task management tab:
   1. Select the Run by schedule check box.
   2. Select the At application launch frequency in the drop-down list.
9. In the Real-time server protection window, click OK.

The newly configured settings are saved.

Configure the Network Threat Protection task:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure the task.
3. Select the Policies tab.
4. Double-click the policy name you want to configure.
5. In the Properties: <Policy name> window that opens, select the section.
6. Click the Settings button in the Network Threat Protection subsection.

   The Network Threat Protection window opens.

7. Open the General tab.
8. In the Processing mode section select the Block connections when attack is detected processing mode.

   The check box enables or disables adding hosts showing activity typical of network attacks to the list of blocked hosts.

   If this mode is selected, Kaspersky Security for Windows Server scans inbound network traffic for activity that is typical of network attacks, logs events about detected activity, and adds IP addresses of hosts showing activity typical of network attacks to the list of blocked hosts.

   The mode is selected by default.

   You can view the list of blocked hosts in the Blocked Hosts storage.

   You can restore access to blocked hosts, and specify the number of days, hours and minutes after which hosts regain access to network file resources after being blocked by configuring the Blocked Hosts storage settings.

9. If the task has not been started, open the Task management tab:
   1. Select the Run by schedule check box.
   2. Select the At application launch frequency in the drop-down list.
10. In the window, click OK.

The newly configured settings are saved.

Configure the Anti-Cryptor task:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure the task.
3. Select the Policies tab.
4. Double-click the policy name you want to configure.
5. In the Properties: <Policy name> window that opens, select the Network activity control section.
6. Click the Settings button in the Anti-Cryptor subsection.

   The Anti-Cryptor window opens.

7. If the task has not been started, open the Task management tab:
   1. Select the Run by schedule check box.
   2. Select the At application launch frequency in the drop-down list.
8. In the Anti-Cryptor window, click OK.

The newly configured settings are saved.

Configure the Anti-Cryptor for NetApp task:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure the task.
3. Select the Policies tab.
4. Double-click the policy name you want to configure.
5. In the Properties: <Policy name> window that opens, select the Network attached storage protection section.
6. Click the Settings button in the Anti-Cryptor for NetApp subsection.

   The Anti-Cryptor for NetApp window opens.

7. If the task has not been started, open the Task management tab:
   1. Select the Run by schedule check box.
   2. Select the At application launch frequency in the drop-down list.
8. In the Anti-Cryptor for NetApp window, click OK.

Kaspersky Security for Windows Server blocks access to network file resources for the hosts showing malicious or encrypting activity.

Page top