
Critical Events Question


Solved by ElvinE5


Posted (edited)

This question is regarding Kaspersky Endpoint Security Cloud Plus. We have a computer that sits on our network actively running nmap (IP address/port scanner) in order to detect new assets on the network. This obviously causes a large amount of noise and generates tons of alerts from Kaspersky. I am able to shut off the alerts by disabling the "Network attack detected" option under Critical Events. My question is this: is there a way I can create a rule so that Kaspersky will ignore all network/port scanning from a single IP address but continue to send "Network attack detected" alerts when port scanning is detected from any other IP address on the network? In other words, I just want to silence these alerts from being sent for our "friendly" port scanner and keep them enabled whenever scanning is detected from any other network device.

 


Any suggestions are greatly appreciated. 

Regards, 

J Jolly

Edited by J Jolly
  • Solution
Posted

Try creating exceptions for your scanning host ...


 

Posted

Excellent! Thank you for the information. 
