Network Threat Protection

for Windows, macOS, and Linux

The Network Threat Protection component (also called Intrusion Detection System, IDS) monitors inbound network traffic for activity characteristic of network attacks. When the application detects an attempted network attack on a user's computer, it blocks the network connection with the attacking computer. Descriptions of currently known types of network attacks and ways to counteract them are provided in the application databases. The list of network attacks that the Network Threat Protection component detects is updated during database and application module updates.

Linux Network Threat Protection is disabled by default. Enabling Network Threat Protection may reduce the performance of installed third-party applications and the operating system. For details on configuring the application to enable Network Threat Protection on Linux devices, see the Technical Support Knowledge Base.

Network Threat Protection settings for Pro View

Settings	OS	Description
Trusted IP addresses	`Windows` `Linux`	List of IP addresses of trusted devices. The Network Threat Protection component does not block network activity from these addresses. `Windows` You can add an IP address with port or port ranges and protocol specified. `Linux` You can add only an IP address to the list of exclusions. The application also does not log information on network attacks from the IP addresses that are in the list of exclusions.
Action on threat detection	`Windows` `macOS` `Linux`	Block. When a threat is detected, Network Threat Protection blocks the attack. Block attack and attacking device for (min). If this option is enabled, the Network Threat Protection component adds the attacking computer to the blocked list. This means that the Network Threat Protection component blocks the network connection with the attacking computer after the first network attack attempt for the specified amount of time. This block automatically protects the user's computer against possible future network attacks from the same address. The minimum time an attacking computer must spend in the block list is one minute. The maximum time is 999 minutes. Kaspersky Endpoint Security clears the block list when the application is restarted and when the Network Threat Protection settings are changed.

Settings

Description

Trusted IP addresses

Windows

Linux

List of IP addresses of trusted devices. The Network Threat Protection component does not block network activity from these addresses.

Windows You can add an IP address with port or port ranges and protocol specified.

Linux You can add only an IP address to the list of exclusions.

The application also does not log information on network attacks from the IP addresses that are in the list of exclusions.

Action on threat detection

Windows

macOS

Linux

Block. When a threat is detected, Network Threat Protection blocks the attack.

Block attack and attacking device for (min). If this option is enabled, the Network Threat Protection component adds the attacking computer to the blocked list. This means that the Network Threat Protection component blocks the network connection with the attacking computer after the first network attack attempt for the specified amount of time. This block automatically protects the user's computer against possible future network attacks from the same address. The minimum time an attacking computer must spend in the block list is one minute. The maximum time is 999 minutes.

Kaspersky Endpoint Security clears the block list when the application is restarted and when the Network Threat Protection settings are changed.

Page top