Dmitry_blagovest Posted August 11, 2021 Author Share Posted August 11, 2021 Good afternoon. There is a server platform with installed windows server 2008r2 - 2012r2 x64 bit. All servers are located in the same domain, universal security policy settings are applied everywhere, without group support and pairing with kaspersky security center 11. All servers have the built-in windows firewall and KES firewall disabled.The problem itself: Internet access is lost - not a single browser page is opened, smb access to shared folders does not work (ports both new and old - smb v2-v3), consultant +, 1c enterprise does not function properly (you cannot see contractors online or regional exchange does not work).An attempt to solve the problem was, initially, adding ip-addresses to exceptions as well as folders with software. - did not help.It helped either to completely turn off the Kaspersky antivirus on the server, or to reboot the server, it was enough for 2-3 days, maximum.We tried to disable it in the “protection against network threats” tab - consider port scanning and intensive network requests as attacks, it did not helpWe tried to disable it in the “Network Threat Protection” tab - add the attacking computer to the block list for 60 minutes (default -) - did not helpIt helped as a temporary solution - a complete shutdown of the component - protection against network threats, but there is no benefit, then there is no benefit from this component.p.s .: This problem was not observed on either KES 10.3 or KES 11.2-11.4. We did not try version 11.5, but immediately jumped with a patch from 11.4 to 11.6. Link to comment Share on other sites More sharing options...
raviparker Posted August 15, 2021 Share Posted August 15, 2021 Hello,what do you mean by “universal security policy settings are applied everywhere”. Kindly make sure you are using 2 different policies for servers and clients. And also, those policy must correspond their respective ones. Both the policies are different as far as there settings are concerned.You can check this by going into the policy tab on managed devices. From my experience this happens when you use client policies on server. Link to comment Share on other sites More sharing options...
Dmitry_blagovest Posted August 16, 2021 Author Share Posted August 16, 2021 Hello, what do you mean by “universal security policy settings are applied everywhere”. Kindly make sure you are using 2 different policies for servers and clients. And also, those policy must correspond their respective ones. Both the policies are different as far as there settings are concerned. You can check this by going into the policy tab on managed devices. From my experience this happens when you use client policies on server. Policies on the servers are applied by their own, on client computers - different, they are different. Link to comment Share on other sites More sharing options...
raviparker Posted August 16, 2021 Share Posted August 16, 2021 Hello there, Thanks for confirming. Then for the next steps you can check the logs or the events triggered when such blockage are encountered. Isolate the server and check for any such findings. Link to comment Share on other sites More sharing options...
Dmitry_blagovest Posted August 16, 2021 Author Share Posted August 16, 2021 Hello there, Thanks for confirming. Then for the next steps you can check the logs or the events triggered when such blockage are encountered. Isolate the server and check for any such findings. Good afternoon, the funny thing is that there is no information in the magazines, I have reviewed it, up and down. Link to comment Share on other sites More sharing options...
Recommended Posts