[KES11.1 Anomaly Detection]

It is enabled within the KES11.1 policy on KSC. The local KES window tells me as well that it is enabled. The policy window consists of a yellow notice that I should upload the latest updates into KSC (which is done automatically by “Update Global” task).

[KES11.1 Anomaly Detection]

I have KSC 10.5.1781 and KES11.1. I installed the latest KES11.1 Plugins and updated the policy but the Anomaly Detection does not show any entries: I also tested the KES11.1 Beta on another KSC (also with 10.5.1781) and the policy (after some times) consisted of some of these entries. How do I get these entries?

[KES11.1 ARP/MAC Spoof Feature]

Does anyone know something about this new feature?

[KES installation through shared local folder]

you may have a look at the following site https://help.kaspersky.com/KSC/11/en-US/92429.htm (and the links below). I have not used such a configuration but I know that it exists. I would suggest that you ask somebody who knows how to set it up correctly.

[KES installation through shared local folder]

I would suggest to use a slave server or distribution points (for smaller sites). I would suggest to contact your reseller to get help.

[KES11.1 ARP/MAC Spoof Feature]

I installed new KES11.1 (11.1.0.15919) on two laptops and activated new ARP/MAC Spoof detection (not prevent, second option) feature. On my laptop, whenever I switch between Wifi and wired connection, I get the message below. A colleague of mine uses a docking station where the laptop is connected with wifi and wired connection (docking station) and he permanently get the same message. I disabled the feature for the moment. How does this feature exactly work? How do you recognize a network attack? I assumed that you search for unrequested ARP Replies on the network or you remember the correct MAC of (at least) the gateway IP and if that changes, that might be an attack. Ereignistyp: Ein Netzwerkangriff wurde erkannt. Programm\Name: Kaspersky Endpoint Security für Windows Benutzer: xxx\xxx (Aktiver Benutzer) Komponente: Schutz vor Netzwerkbedrohungen Ergebnis\Beschreibung: Erlaubt Objekt: von mehreren unterschiedlichen Quellen Objekt\Typ: Netzwerkpaket Objekt\Name: von mehreren unterschiedlichen Quellen Objekt\Erweitert: Verdächtig: Datenbanken vom: 21.03.2019 03:11:00 Das Ereignis Ein Netzwerkangriff wurde erkannt. trat ein auf dem Computer XXX in der Domäne XXX Dienstag, 26. März 2019 11:41:07 (GMT+01:00) Ereignistyp: Ein Netzwerkangriff wurde erkannt. Programm\Name: Kaspersky Endpoint Security für Windows Benutzer: XXX\XXX (Aktiver Benutzer) Komponente: Schutz vor Netzwerkbedrohungen Ergebnis\Beschreibung: Erlaubt Objekt: von mehreren unterschiedlichen Quellen Objekt\Typ: Netzwerkpaket Objekt\Name: von mehreren unterschiedlichen Quellen Objekt\Erweitert: Verdächtig: Datenbanken vom: 05.02.2019 21:32:00