About security tags
January 25, 2024
ID 256478
If the Kaspersky Security solution is running in a virtual infrastructure on the VMware vSphere platform and uses VMware NSX Manager, Kaspersky Security may assign the following security tags to the protected virtual machine:
- ANTI_VIRUS.VirusFound.threat=high. This tag is assigned to a virtual machine on which viruses or other malicious programs were detected.
- IDS_IPS.threat=high. This tag is assigned to a virtual machine whose inbound traffic displayed activity that is typical for network attacks.
Kaspersky Security can assign security tags only if you enabled the use of VMware NSX Manager and configured the settings for connecting the Integration Server to VMware NSX Manager in the Integration Server Console.
You can view the security tags assigned to the virtual machine in the properties of the virtual machine:
- In the VMware vSphere Client console, in the Hosts and Clusters section of the Summary tab.
- In VMware NSX Manager web console, in the Inventory → Virtual Machines section.
The ANTI_VIRUS.VirusFound.threat=high security tag that Kaspersky Security assigned to the virtual machine is removed automatically if running a Full Scan task on the virtual machine detects no viruses or other malicious programs. If the ANTI_VIRUS.VirusFound.threat=high security tag is manually assigned to a virtual machine using virtual infrastructure, it can be removed only manually.
An IDS_IPS.threat=high security tag assigned to the virtual machine either by Kaspersky Security or manually using virtual infrastructure tools can be removed only manually.
After manually removing the tag, restart the Light Agent.
For more information on how to manually remove and assign security tags, refer to the Knowledge Base.
