In Network Control monitoring mode, Kaspersky Industrial CyberSecurity for Networks performs the following actions:
If use of Network Integrity Control technology is enabled, the application checks devices' network interactions for compliance with the rules based on this technology. When the application detects network interactions for which there are no active rules, it registers unauthorized communication detection events based on Network Integrity Control technology. The event is registered using the system event type that is assigned the code 4000002601.
If use of Command Control technology is enabled, the application checks devices' network interactions for compliance with the rules based on this technology. When the application detects system commands for which there are no active rules, it registers unauthorized system command detection events based on Command Control technology. The event is registered using the system event type that is assigned the code 4000002602.
Rules related to different technologies are applied independently of each other. Therefore, to allow use of a system command, the list of Network Control rules must have rules for this system command and for the network packet that transmits it.