List of blocked network sessions

By default, the List of blocked network sessions is available for use if any of the following components is installed: Real-Time File Protection, Network Threat Protection. These components discover remote attempts to encrypt, open or execute objects on the protected device or network attached storage shared folders in accordance with the list of blocked network sessions. Information about blocked network sessions from all protected devices is sent to the Kaspersky Security Center. Kaspersky Embedded Systems Security for Windows blocks current session and, in terms of current session, makes shared folders or network attached storage folders unavailable.

The List of blocked network sessions is populated when at least one of the following tasks is started in active mode (under specified conditions):

• For the Real-Time File Protection task: malicious activity by a device accessing network file resources is detected and in the Real-Time File Protection task settings the Block access to network shared resources for the sessions that show malicious activity check box is selected.
• For the Network Threat Protection task: activity typical of network attacks is detected.

After malicious activity or an encryption attempt is detected, the task sends information about the attacking network session to the List of blocked network sessions and the application creates a Warning event for current session of the attacking host. Any attempts by this session to access the protected shared network folders will be blocked.

If the locally unique identifier (LUID) of a host that initiated the attacking network session is added to the List of blocked network sessions, Kaspersky Embedded Systems Security for Windows determines the IP address of the host and adds it to the List of blocked network sessions instead of the LUID of the attacking host.

By default, Kaspersky Embedded Systems Security for Windows removes blocked network sessions from the list 30 minutes after they were added to the list. Access to network file resources is restored automatically after the network sessions are deleted from the List of blocked network sessions. You can specify the period of time after which blocked network sessions are automatically unblocked.

Note that when you restrict access to storage management for any user account, the List of blocked network sessions will still be available. The settings for blocked network sessions cannot be changed unless the selected user account has Edit permissions for managing Kaspersky Embedded Systems Security for Windows.