About security tags

If Kaspersky Security operates in a virtual infrastructure on the VMware vSphere or KVM platform and uses VMware NSX Manager, Kaspersky Security can assign the following Security Tags to the protected virtual machine:

• ANTI_VIRUS.VirusFound.threat=high. This tag is assigned to a virtual machine on which viruses or other malicious programs were detected.
• IDS_IPS.threat=high. This tag is assigned to a virtual machine whose inbound traffic displayed activity that is typical for network attacks.

Kaspersky Security can assign security tags only if you enabled the use of VMware NSX Manager and configured the settings for connecting the Integration Server to VMware NSX Manager.

You can view the security tags assigned to the virtual machine in the properties of the virtual machine:

• In the VMware vSphere Client console, in the Hosts and Clusters section of the Summary tab.
• In VMware NSX Manager web console, in the Inventory → Virtual Machines section.

The ANTI_VIRUS.VirusFound.threat=high security tag assigned to the virtual machine by Kaspersky Security is removed automatically if no viruses or other malicious programs are detected on the virtual machine as a result of the Full Scan task. If the ANTI_VIRUS.VirusFound.threat=high security tag is manually assigned to a virtual machine using virtual infrastructure, it can be removed only manually.

The IDS_IPS.threat=high security tag assigned to a virtual machine by Kaspersky Security or manually using the virtual infrastructure can be removed only manually.

After manually removing the tag, restart the Light Agent.

For more information on how to manually remove and assign security tags, refer to the Knowledge Base.