Kaspersky Security 11.x for Windows Server

About the Blocked Hosts storage

June 10, 2022

ID 151191

The Blocked Hosts storage is installed by default if any of the following components is installed: Real-Time File Protection, Network Threat Protection, Anti-Cryptor for NetApp, Anti-Cryptor. These components detect attempts by remote hosts to encrypt, open or execute objects on the protected device or in shared folders of network attached storage, in accordance with the list of blocked hosts. Information about blocked hosts from all protected devices is sent to Kaspersky Security Center. Kaspersky Security for Windows Server blocks access to shared folders on the protected device and to network attached storage folders for all remote hosts in the list of blocked hosts.

The Blocked Hosts storage is populated when at least one of the following tasks is started in active mode (under specified conditions):

  • For the Real-Time File Protection task: malicious activity by a device accessing network file resources is detected, and the "Block access to network shared resources for the hosts that show malicious activity" check box is selected in the Real-Time File Protection task settings.
  • For the Network Threat Protection task: activity typical of network attacks is detected.
  • For the Anti-Cryptor task: malicious encryption by a device accessing network file resources is detected.
  • For the Anti-Cryptor for NetApp task: an attack on the network attached storage is detected.

After malicious activity or an encryption attempt is detected, the task sends information about the attacking host to the Blocked Hosts storage and the application creates a Warning event for the host blocking. Any attempts by this host to access the protected shared network folders will be blocked.

If the locally unique identifier (LUID) of an attacking host is added to the list of blocked hosts, Kaspersky Security for Windows Server determines the IP address of this host and adds it to the list of blocked hosts instead of the LUID of the attacking host.

By default, Kaspersky Security for Windows Server removes blocked hosts from the list 30 minutes after they were added to the list. Computers' access to network file resources is restored automatically after they are deleted from the list of blocked hosts. You can specify the period of time after which blocked hosts are automatically unblocked.

Note that when you restrict access to storage management for any user account, the Blocked Hosts storage will still be available. The Blocked Hosts settings cannot be changed unless the selected user account has Edit permissions for managing Kaspersky Security for Windows Server.
