
Critical Events Question


Go to solution Solved by ElvinE5,


Posted (edited)

This question is regarding Kaspersky Endpoint Security Cloud Plus. We have a computer that sits on our network actively running nmap (IP address/port scanner) in order to detect new assets on the network. This obviously causes a large amount of noise and generates tons of alerts from Kaspersky. I am able to shut off the alerts by disabling the "Network attack detected" option under Critical Events. My question is this: is there a way I can create a rule so that Kaspersky will ignore all network/port scanning from a single IP address but continue to send "Network attack detected" alerts when port scanning is detected from any other IP address on the network? In other words, I just want to silence these alerts from being sent for our "friendly" port scanner and keep them enabled whenever scanning is detected from any other network device.

 


Any suggestions are greatly appreciated. 

Regards, 

J Jolly

Edited by J Jolly
  • Solution
Posted

Try creating exceptions for your scanning host ...


 

Posted

Excellent! Thank you for the information. 
