About untrusted computers blocking

When a malicious encryption activity is detected, Kaspersky Endpoint Security creates and enables a rule for the operating system firewall, that blocks a network traffic from a compromised computer. A compromised computer is added to the list of untrusted computers. Kaspersky Endpoint Security blocks access to shared network directories for all remote computers in the list of untrusted computers. Information about blocked computers from a protected server is sent to the Kaspersky Security Center.

Firewall rules created by the Anti-Cryptor cannot be deleted by using the iptables utility: Kaspersky Endpoint Security restores the set of rules once per minute. Use the --allow-hosts option to unblock a computer.

By default Kaspersky Endpoint Security removes untrusted computers from the list in 30 minutes since they were added to the list. Computers' access to network file resources is restored automatically after they are deleted from the list of untrusted computers. You can modify the list of blocked computers and specify the time after which blocked computers are automatically unblocked.