Network Attack Blocker

The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop or server operating system.

The Network Attack Blocker component scans inbound network traffic for activity that is typical of network attacks. On detecting an attempted network attack that targets the protected virtual machine, Kaspersky Security blocks network activity originating from the attacking device. A warning is then displayed, stating that an attempted network attack has been detected, and showing information about the attacking device.

The Network Attack Blocker component does not block the IP address of the attacking device in the following cases:

• The attack is conducted over the UDP protocol.
• Blocking the IP address would lead to failure of a critically important network service (for example, the domain controller service).

Descriptions of currently known types of network attacks and ways to fight them are provided in the application databases. The list of network attacks that the Network Attack Blocker component detects is updated during application database updates.

You can do the following to configure Network Attack Blocker:

• Configure the settings used in blocking an attacking device.
• Create a list of IP addresses excluded from blocking.

This section describes how to configure Network Attack Blocker settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the Network Attack Blocker settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → Network Attack Blocker).