
How to test Network Threat Protection (Attack Blocker) [KES for Windows]


This article is about Kaspersky Endpoint Security for Windows (KES for Windows)

Testing Network Threat Protection (NTP, Network Attack Blocker or NAB) may appear tricky, as it is finely tuned to specific attacks only. Over the past years, many detections were modified or removed to prevent major false detections. It is necessary to understand that NTP is not intended to prevent the following types of attacks:

  • DoS
  • Information Disclosure (port scanning)

There are different solutions on the market to deal with those. Our NTP mostly prevents exploitation of network vulnerabilities, which is far more dangerous, as it may allow remote code execution. For example, DoS inside the network is less probable, and if it is happening, it indicates greater issues.

There are multiple approaches to testing it. The list below contains various third-party methods.

  1. Metasploit module ms08_067_netapi will be detected as Intrusion.Win.MS08-67.exploit.*

  2. Metasploit modules ms17_010_eternalblue and ms17_010_psexec will be detected as Intrusion.Win.MS17-010.*

  3. Emulate an RDP brute-force attack using the hydra utility, which will be detected as Bruteforce.Generic.Rdp.*. Here is a syntax example:

    hydra -v -f -L rockyou.txt -P rockyou.txt rdp://192.168.0.1
Edited by Antipova Anna
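
To confirm after a test run that each of the three tests produced its expected detection, the verdict names from the list above can be matched against an exported event list. This is an added example, not part of the original article and not a Kaspersky tool; the CSV column layout, the sample rows and the verdict suffixes are constructed assumptions.

```python
import csv
import io
from fnmatch import fnmatchcase

# Verdict patterns from the list above, keyed by the test expected to trigger them.
EXPECTED = {
    "ms08_067_netapi": "Intrusion.Win.MS08-67.exploit.*",
    "ms17_010_eternalblue / ms17_010_psexec": "Intrusion.Win.MS17-010.*",
    "hydra RDP brute force": "Bruteforce.Generic.Rdp.*",
}

# Constructed sample export. The column layout and the verdict suffixes
# (".a", ".other") are assumptions, not real KES output.
SAMPLE_EXPORT = """time,component,verdict,source
2024-01-01T10:00:00,Network Threat Protection,Intrusion.Win.MS17-010.a,192.168.0.50
2024-01-01T10:05:00,Network Threat Protection,Bruteforce.Generic.Rdp.a,192.168.0.50
2024-01-01T10:05:30,Network Threat Protection,Bruteforce.Generic.Rdp.a,192.168.0.50
2024-01-01T10:07:00,Network Threat Protection,Intrusion.Win.MS08-67.other,192.168.0.50
2024-01-01T10:09:00,File Threat Protection,Example.Unrelated.Verdict,
"""


def coverage(export_text, verdict_column="verdict"):
    """Map each test to the sorted, de-duplicated verdicts that matched its pattern."""
    seen = {name: set() for name in EXPECTED}
    for row in csv.DictReader(io.StringIO(export_text)):
        verdict = (row.get(verdict_column) or "").strip()
        for name, pattern in EXPECTED.items():
            # fnmatchcase keeps the match case-sensitive; only "*" acts as a wildcard here.
            if fnmatchcase(verdict, pattern):
                seen[name].add(verdict)
    return {name: sorted(hits) for name, hits in seen.items()}


def missing_tests(export_text):
    """Tests that produced no matching detection and need to be re-run or investigated."""
    return [name for name, hits in coverage(export_text).items() if not hits]


if __name__ == "__main__":
    for name, hits in coverage(SAMPLE_EXPORT).items():
        print(f"{'OK     ' if hits else 'MISSING'} {name}: {', '.join(hits) or '-'}")
```

In the constructed sample, the MS08-67 row does not match because its name lacks the `exploit.` segment required by the pattern, so that test is reported as missing.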