Critical Events Question

J Jolly · December 22, 2023

This question is regarding Kaspersky Endpoint Security Cloud Plus. We have a computer that sits on our network actively running nmap (ip address/port scanner) in order to detect new assets on the network. This obviously causes a large amount of noise and generates tons of alerts from Kaspersky. I am able shut it off the alerts by disabling the "Network attack detected" option under Critical Events. My question is this: is there a way I can create a rule so that Kaspersky will ignore all network/port scanning from a single IP address but continue to send "Network attack detected" alerts when port scanning is detected from any other IP address on the network? In other words, I just want to silence these alerts from being sent from of "friendly" port scanner and keep them enabled whenever scanning is detected from any other network device.

Any suggestions are greatly appreciated.

Regards,

J Jolly

Edited December 22, 2023 by J Jolly

ElvinE5 · December 25, 2023

Try creating exceptions for your scanning host ...

Спойлер

J Jolly · December 26, 2023

Excellent! Thank you for the information.

Critical Events Question

Recommended Posts

J Jolly

Link to comment

Share on other sites

ElvinE5

Link to comment

Share on other sites

J Jolly

Link to comment

Share on other sites

Please sign in to comment

Forum

Products

Support

Personal Account