Posted

07/25/2025 5:14:29 pm
Network attack detected

User: VELOSISRV\9022 (Active user)
Component: Network Threat Protection
Result description: Blocked
Name: Mac Spoofing Attack: unexpected ARP response
Object: ARP from an unexpected source
Object type: Network packet
Object name: ARP from an unexpected source
Additional: Suspicious: 7/25/2025 5:14:29 PM: f0-a6-54-7d-2c-55 -> 10.171.102.42
Database release date: 7/25/2025 2:44:00 PM

Kaspersky Endpoint Security for Windows (12.9.0)
12.9.0.384
Critical
N

 


I face that issue daily. I want to trace this.

 

Posted

Take GSI logs (https://media.kaspersky.com/utilities/CorporateUtilities/GSIB-6.2.2.82.exe) from the workstation where the attack is detected, raise a ticket on https://companyaccount.kaspersky.com/ and share the logs in the ticket.

Posted

The MAC address f0-a6-54-7d-2c-55 belongs to an Apple device.

Check your network for the MAC address in the ARP table.

Apple TV? iPhone? Whatever.

hamza.amir
Posted (edited)
On 7/25/2025 at 5:54 PM, hamza.amir said:
 

We have installed Kaspersky EDR (v12.9.0.384) on 300 endpoints. Every day, we receive "Network Attack Detected: MAC Spoofing – Unexpected ARP Response" alerts from multiple devices with different MAC addresses.

Example log:
Time: 07/26/2025 12:45:46 AM
User: VELOSISRV\winadmin2
MAC: 18-93-41-C0-63-8B → IP: 10.171.101.239
Status: Blocked by Network Threat Protection

We are unsure how to trace or resolve these alerts due to the large number of devices involved.

 


Edited by hamza.amir
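One way to triage a large batch of these alerts, as an added example that is not part of any post in this thread or of Kaspersky's tooling: parse the MAC/IP pair out of each event description, rank MACs by alert count, and list IPs that appear with more than one MAC so they can be checked against DHCP leases and switch MAC tables. It assumes the event descriptions are available as text; `parse_event` and `triage` are hypothetical names, the pair is treated only as an association (the direction of `->` is not interpreted), and the sample data is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the pair in "Additional: Suspicious: ...: f0-a6-54-7d-2c-55 -> 10.171.102.42"
# and the "MAC: ... → IP: ..." form used later in the thread.
PAIR_RE = re.compile(
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s*(?:->|→)\s*(?:IP:\s*)?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
USER_RE = re.compile(r"User:\s*(\S+)")

def parse_event(text):
    """Return (mac, ip, user) from one event description, or None."""
    m = PAIR_RE.search(text)
    if not m:
        return None
    try:
        ip = str(ipaddress.IPv4Address(m.group("ip")))
    except ipaddress.AddressValueError:
        return None  # looked like an IP but is not a valid IPv4 address
    user = USER_RE.search(text)
    return m.group("mac").lower(), ip, user.group(1) if user else None

def triage(events):
    """Rank MACs by alert count and list IPs paired with more than one MAC."""
    by_mac = defaultdict(lambda: {"count": 0, "ips": set(), "users": set()})
    by_ip = defaultdict(set)
    for mac, ip, user in filter(None, map(parse_event, events)):
        by_mac[mac]["count"] += 1
        by_mac[mac]["ips"].add(ip)
        if user:
            by_mac[mac]["users"].add(user)
        by_ip[ip].add(mac)
    ranked = sorted(by_mac.items(), key=lambda kv: -kv[1]["count"])
    contested = {ip: sorted(m) for ip, m in by_ip.items() if len(m) > 1}
    return ranked, contested

# Constructed sample: the first two entries reuse values quoted in the thread,
# the last three are invented for illustration.
SAMPLE = [
    r"User: VELOSISRV\9022 (Active user) Additional: Suspicious: 7/25/2025 5:14:29 PM: f0-a6-54-7d-2c-55 -> 10.171.102.42",
    "User: VELOSISRV\\winadmin2\nMAC: 18-93-41-C0-63-8B → IP: 10.171.101.239",
    r"User: VELOSISRV\9022 (Active user) Additional: Suspicious: 7/26/2025 9:02:11 AM: f0-a6-54-7d-2c-55 -> 10.171.102.42",
    r"User: VELOSISRV\1001 (Active user) Additional: Suspicious: 7/26/2025 9:05:40 AM: 02-00-00-00-00-01 -> 10.171.102.42",
    "Additional: Suspicious: 7/26/2025 9:06:00 AM: 02-00-00-00-00-01 -> 10.171.999.1",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A MAC that recurs across many reporting users with a single IP, and an IP that shows up with several MACs, are different situations; the two return values keep them apart.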
