About traffic processing modes

If Kaspersky Security is deployed in the infrastructure managed by VMware NSX-V Manager, the Network Threat Protection component can function in one of the following traffic processing modes:

• Standard mode. If this mode is used, Network Threat Protection receives and scans traffic from the virtual machines. When Kaspersky Security detects signs of intrusions or attempts to access dangerous or undesirable web addresses, it performs the action specified in Kaspersky Security policy settings and sends information about the detected threats and performed actions to Kaspersky Security Center Administration Server.
• Monitoring mode. If this mode is used, Network Threat Protection receives a copy of traffic from the virtual machines. When Kaspersky Security detects signs of intrusions or attempts to access dangerous or undesirable web addresses, it does not take any actions to prevent the threats, but only sends information about the detected threats to Kaspersky Security Center Administration Server.

The traffic processing mode is selected during Kaspersky Network Protection service registration in VMware NSX-V Manager. After network protection service registration and SVM deployment, the traffic processing mode cannot be changed. To select a different traffic processing mode, remove the Network Threat Protection component and the objects created in the infrastructure because of the component installation, unregister the network protection service, and then re-register the network protection service with the new traffic processing mode and deploy new SVMs.

If Kaspersky Security is deployed in the infrastructure managed by VMware NSX-T Manager, the Network Threat Protection component always functions in the Standard traffic processing mode. If you do not want Kaspersky Security to take the actions to prevent threats when it detects signs of intrusion or attempts to access dangerous or undesirable web addresses, select the Ignore action on threat detection in the network attack detection settings, in the control settings of virtual machine network activity and in the web addresses scan settings.