Posted

Hi,

 

I know this might be a silly question, but why would our server go down when there is this network attack on our system? Is Kaspersky blocking an attempt not sufficient, rather than taking the whole web server down?

 

We are running IIS as the application.

 

Event 'Network attack detected' has occurred on device [DEVICE-NAME] in Windows domain [DOMAIN-NAME] on 2022-01-20T21:31:02

User: DOMAIN\Username (Active user)

Component: Network Threat Protection

Result description: Blocked

Name: UMIDS:Intrusion.Generic.CVE-2021-44228.a

Object: TCP from 192.168.X.X at 192.168.X.X:80

Object type: Network packet

Object name: TCP from 192.168.X.X at 192.168.X.X:80

Additional: 192.168.X.X

Database release date: 2022/01/20 01:41:00 PM



NB: The endpoint in bold is the IP address of the affected server.

  • 3 weeks later...
Posted

Hi,

 

I have the same problem. We have a server with an IIS application running on it. Kaspersky Endpoint Security version 11 blocks communication from the load balancer (VS) to the server.

 

User: DOMAIN\Username (Active user)

Component: Network Threat Protection

Result description: Blocked

Name: UMIDS:Intrusion.Generic.CVE-2021-44228.b

Object: TCP from 172.16.X.X at 172.17.X.X:80 

Object type: Network packet

Object name: TCP from 172.16.X.X at 172.17.X.X:80

Additional: 172.17.X.X

Database release date: 206/02/2022 07:08:00

 

NB: 172.16.X.X (VS), 172.17.X.X (Server)

 

Please help!!!!

Posted

Please don't open the same question in other threads.

Is your product KESCloud?

Posted

Thanks for your feedback

 

No, it isn't Cloud. It's on-prem.

  • 3 weeks later...
saddafkhan009
Posted

Please, open a ticket here.

Good idea. You can do it. If you have any questions about your site, then do not hesitate to ask me through my BPO contact.
