To add hosts showing any malicious or encryption activity to the Blocked Host Storage storage and block access to network file resources for those hosts, at least one of the following tasks must be running in active mode:
Real-Time File Protection
Network Threat Protection
Anti-Cryptor
Anti-Cryptor for NetApp
Configure the Real-Time File Protection task:
In the Application Console tree, expand the Real-Time Server Protection node.
Select the Real-Time File Protection child node.
Click the Properties link in the details pane.
The Task settings window opens.
In the Integration with other components section, select the Block access to network shared resources for the hosts that show malicious activity check box if you want Kaspersky Security for Windows Server to block hosts on which malicious activity is detected while the Real-Time File Protection task is running.
If the task has not been started, open the Schedule tab:
Select the Run by schedule check box.
Select the At application launch frequency in the drop-down list.
In the Task settings window, click OK.
The newly configured settings are saved.
Configure the Network Threat Protection task:
In the Application Console tree, expand the Real-time server protection node.
Select the Network Threat Protection child node.
Click the Properties link in the details pane of the Network Threat Protection node.
The Task settings window opens.
Open the General tab.
In the Processing mode section select the processing mode:
The check box enables or disables adding hosts showing activity typical of network attacks to the list of blocked hosts.
If this mode is selected, Kaspersky Security for Windows Server scans inbound network traffic for activity that is typical of network attacks, logs events about detected activity, and adds IP addresses of hosts showing activity typical of network attacks to the list of blocked hosts.
You can restore access to blocked hosts, and specify the number of days, hours and minutes after which hosts regain access to network file resources after being blocked by configuring the Blocked Hosts storage settings.
If this check box is selected, when Network Threat Protection task is stopped, Kaspersky Security for Windows Server scans inbound network traffic for activity that is typical of network attacks and blocks network activity from the attacking computer depending on the selected processing mode.
If this check box is cleared, when Network Threat Protection task is stopped, Kaspersky Security for Windows Server doesn't scan inbound network traffic for activity that is typical of network attacks and doesn't block network activity from the attacking computer.
The check box is cleared by default.
If the task has not been started, open the Schedule tab:
Select the Run by schedule check box.
Select the At application launch frequency in the drop-down list.
In the Task settings window, click OK.
The newly configured settings are saved.
Configure the Anti-Cryptor task:
In the Application Console tree, expand the Server Control node.
Select the Anti-Cryptor child node.
Click the Properties link in the details pane.
The Task settings window opens.
In the General tab, make sure that the task is in Active mode.
If the task has not been started, open the Schedule tab:
Select the Run by schedule check box.
Select the At application launch frequency in the drop-down list.
In the Task settings window, click OK.
The newly configured settings are saved.
Configure the Anti-Cryptor for NetApp task:
In the Application Console tree, expand the Network Attached Storage Protection node.
Select the Anti-Cryptor for NetApp child node.
Click the Properties link in the details pane.
The Task settings window opens.
In the General tab, make sure that the task is in Active mode.
If the task has not been started, open the Schedule tab:
Select the Run by schedule check box.
Select the At application launch frequency in the drop-down list.
In the Task settings window, click OK.
Kaspersky Security for Windows Server blocks access to network file resources for the hosts showing malicious or encrypting activity.