Enabling hosts blocking

Support

Support for business applications

Kaspersky Security 11.x for Windows Server

Isolating objects and copying backups

Blocking access to network resources. Blocked Hosts

Managing Blocked Hosts via the Administration Plug-in

Enabling hosts blocking

June 10, 2022

ID 152104

Save as PDF

To add hosts showing any malicious or encrypting activity to the Blocked Hosts storage and block access to network file resources for those hosts, at least one of the following tasks must run in the active mode:

Real-Time File Protection
Network Threat Protection
Anti-Cryptor
Anti-Cryptor for NetApp

Configure the Real-Time File Protection task:

Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
Select the administration group for which you want to configure the task.
Select the Policies tab.
Double-click the policy name you want to configure.
In the Properties: <Policy name> window that opens, select the Real-time Server Protection section.
Click the Settings button in the Real-Time File Protection subsection.
The Real-time file protection window opens.
In the Integration with other components section, select the Block access to network shared resources for the hosts that show malicious activity check box if you want Kaspersky Security for Windows Server to block access to network file resources for hosts on which malicious activity is detected while the Real-Time File Protection task is running.
If the task has not been started, open the Task management tab:
1. Select the Run by schedule check box.
2. Select the At application launch frequency in the drop-down list.
In the Real-time Server Protection window, click OK.

The newly configured settings are saved.

Configure the Network Threat Protection task:

Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
Select the administration group for which you want to configure the task.
Select the Policies tab.
Double-click the policy name you want to configure.
In the Properties: <Policy name> window that opens, select the section.
Click the Settings button in the Network Threat Protection subsection.
The Network Threat Protection window opens.
Open the General tab.
In the Processing mode section select the Block connections when attack is detected processing mode.
The check box enables or disables adding hosts showing activity typical of network attacks to the list of blocked hosts.

If this mode is selected, Kaspersky Security for Windows Server scans inbound network traffic for activity that is typical of network attacks, logs events about detected activity, and adds IP addresses of hosts showing activity typical of network attacks to the list of blocked hosts.

The mode is selected by default.

You can view the list of blocked hosts in the Blocked Hosts storage.

You can restore access to blocked hosts, and specify the number of days, hours and minutes after which hosts regain access to network file resources after being blocked by configuring the Blocked Hosts storage settings.
If the task has not been started, open the Task management tab:
1. Select the Run by schedule check box.
2. Select the At application launch frequency in the drop-down list.
In the window, click OK.

The newly configured settings are saved.

Configure the Anti-Cryptor task:

Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
Select the administration group for which you want to configure the task.
Select the Policies tab.
Double-click the policy name you want to configure.
In the Properties: <Policy name> window that opens, select the Network activity control section.
Click the Settings button in the Anti-Cryptor subsection.
The Anti-Cryptor window opens.
If the task has not been started, open the Task management tab:
1. Select the Run by schedule check box.
2. Select the At application launch frequency in the drop-down list.
In the Anti-Cryptor window, click OK.

The newly configured settings are saved.

Configure the Anti-Cryptor for NetApp task:

Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
Select the administration group for which you want to configure the task.
Select the Policies tab.
Double-click the policy name you want to configure.
In the Properties: <Policy name> window that opens, select the Network attached storage protection section.
Click the Settings button in the Anti-Cryptor for NetApp subsection.
The Anti-Cryptor for NetApp window opens.
If the task has not been started, open the Task management tab:
1. Select the Run by schedule check box.
2. Select the At application launch frequency in the drop-down list.
In the Anti-Cryptor for NetApp window, click OK.

Kaspersky Security for Windows Server blocks access to network file resources for the hosts showing malicious or encrypting activity.

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats

Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.