Enabling untrusted hosts blocking

Support

Support for business applications

Kaspersky Security 11.x for Windows Server

Isolating objects and copying backups

Blocking access to network resources. Blocked Hosts

Managing Blocked Hosts via the Application Console

Enabling untrusted hosts blocking

June 10, 2022

ID 155690

Save as PDF

To add hosts showing any malicious or encryption activity to the Blocked Hosts storage and block access to network file resources for those hosts, at least one of the following tasks must be running in active mode:

Real-Time File Protection
Network Threat Protection
Anti-Cryptor
Anti-Cryptor for NetApp

Configure the Real-Time File Protection task:

In the Application Console tree, expand the Real-Time Server Protection node.
Select the Real-Time File Protection child node.
Click the Properties link in the results pane.
The Task settings window opens.
In the Integration with other components section, select the Block access to network shared resources for the hosts that show malicious activity check box if you want Kaspersky Security for Windows Server to block hosts on which malicious activity is detected while the Real-Time File Protection task is running.
If the task has not been started, open the Schedule tab:
1. Select the Run by schedule check box.
2. Select the At application launch frequency in the drop-down list.
In the Task settings window, click OK.

The newly configured settings are saved.

Configure the Network Threat Protection task:

In the Application Console tree, expand the Real-time Server Protection node.
Select the Network Threat Protection child node.
Click the Properties link in the details pane of the Network Threat Protection node.
The Task settings window opens.
Open the General tab.
In the Processing mode section select the processing mode:
- Block connections when attack is detected.
  The check box enables or disables adding hosts showing activity typical of network attacks to the list of blocked hosts.
  
  If this mode is selected, Kaspersky Security for Windows Server scans inbound network traffic for activity that is typical of network attacks, logs events about detected activity, and adds IP addresses of hosts showing activity typical of network attacks to the list of blocked hosts.
  
  The mode is selected by default.
  
  You can view the list of blocked hosts in the Blocked Hosts storage.
  
  You can restore access to blocked hosts, and specify the number of days, hours and minutes after which hosts regain access to network file resources after being blocked by configuring the Blocked Hosts storage settings.
Select or clear the Don't stop traffic analysis when the task is not running check box.
If this check box is selected, when Network Threat Protection task is stopped, Kaspersky Security for Windows Server scans inbound network traffic for activity that is typical of network attacks and blocks network activity from the attacking computer depending on the selected processing mode.

If this check box is cleared, when Network Threat Protection task is stopped, Kaspersky Security for Windows Server doesn't scan inbound network traffic for activity that is typical of network attacks and doesn't block network activity from the attacking computer.

The check box is cleared by default.
If the task has not been started, open the Schedule tab:
1. Select the Run by schedule check box.
2. Select the At application launch frequency in the drop-down list.
In the Task settings window, click OK.

The newly configured settings are saved.

Configure the Anti-Cryptor task:

In the Application Console tree, expand the Server Control node.
Select the Anti-Cryptor child node.
Click the Properties link in the results pane.
The Task settings window opens.
In the General tab, make sure that the task is in Active mode.
If the task has not been started, open the Schedule tab:
1. Select the Run by schedule check box.
2. Select the At application launch frequency in the drop-down list.
In the Task settings window, click OK.
The newly configured settings are saved.

Configure the Anti-Cryptor for NetApp task:

In the Application Console tree, expand the Network Attached Storage Protection node.
Select the Anti-Cryptor for NetApp child node.
Click the Properties link in the results pane.
The Task settings window opens.
In the General tab, make sure that the task is in Active mode.
If the task has not been started, open the Schedule tab:
1. Select the Run by schedule check box.
2. Select the At application launch frequency in the drop-down list.
In the Task settings window, click OK.

Kaspersky Security for Windows Server blocks access to network file resources for the hosts showing malicious or encrypting activity.

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats

Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.