Scan.Generic.PortScan.TCP popups

[gunny]

Hello  guys, 

 

recently my KIS popped up a notification like 8 times under one minute and it happened in any other day too.

It said “The network attack Scan.Generic.PortScan.TCP has been blocked”

I’ve been searching in the internet that the PortScanning is kinda dangerous, and can steal data. 

The attack came from the same IP but different port, I’ve also looked up the attacking computer IP, and found that the IP is private and I cannot locate it (although maybe not important to locate).

 

I just worried that a hacker might steal my data / information and hack my accounts. Is there something I can do or simply relying on Kaspersky to continuously blocking the attack is enough? Any suggestions? 

 

Thank you in advance

[Berny]

@gunny Welcome.

Please submit log files below to K-Lab Technical Support

GSI Log : https://support.kaspersky.com/common/diagnostics/3632

Network Trafic Log : https://support.kaspersky.com/common/diagnostics/13130

[Wesly.Zhang]

Hello, @gunny 

I’ve also looked up the attacking computer IP, and found that the IP is private

Let me guess, The attack IP is from 192.168.0/1.xxx? right?

Regards.

[Khesab]

Today I got this notification:

94.102.49.104   
Network attack detected    TCP   
Active user   
Detected object is added to exclusions   
Scan.Generic.PortScan.TCP   
Detected object is added to exclusions: Scan.Generic.PortScan.TCP   
TCP from 94.102.49.104 to local port 7730   
TCP from 94.102.49.104 to local port 7730   
Network packet    7730       
Today, 9/25/2020 3:14 PM

 

Using KIS 21.1.15.500(b)

Is it dangerous and what is recommended to do? Thanks in advance!

[Friend]

Hi, @gunny , @Khesab,
You can read more about this attack in the following articles:
https://encyclopedia.kaspersky.com/glossary/port-scanning/

https://threats.kaspersky.com/en/threat/Scan.Generic.TCP/
https://threats.kaspersky.com/en/class/Scan/

This can be either a real attack or a false positive if the same conditions are present in the traffic that are suitable for the attack. The attack should be perceived in a different way than usual - it is simply scanning for what network services are installed on the computer and running, from which the attacker can conclude which services may be vulnerable and take further action. By itself, this attack does nothing wrong.
These attacks can come from a single computer or from multiple computers (hosts) if the scan port is launched from multiple machines. Usually this is some utility like nmap. Kaspersky Internet Security blocks these attacks (packets), you don't need to do anything else.

[Khesab]

Thanks @Friend!

Is there any need for blocking that IP with Firewall packet rules?

And I don’t know it is important or not, but I got that notification during zoom video conference.

 

[Johny]

Is the free Kaspersky enough to protect me from these atacks?

[Flood and Flood's wife]

Hello @gunny, @Khesab & @Johny, 

Please refer to advice from @Igor Kurzin in @mikki’s topic Frequent network attack detected, Scan.Generic.PortScan.UDP

qte

This is an error on the side of the product:

“Network attack detected, Detected object is added to exclusions”

In fact this means that there is no attack, the network packet does not present any danger and should not be detected. This information should not be displayed to the user. 

This will be fixed in MR2 release, which is expected in November. 

unqte

Thank you🙏

Flood+1🐳

Disclaimer, we have no association with Kaspersky. 

[Igor Kurzin]

Hi Flood+1whale,

To fully identify that this Scan.Generic.PortScan.TCP is the known issue, one needs to check the report and make sure the string: “Detected object is added to exclusions” is present. If the attack is blocked and there is no “Detected object is added to exclusions” - we need to further investigate.

Hi @gunny, 

Please check the reports via More Tools → Reports → select Network Attack Blocker on the left site → check that attacks have this string: “Detected object is added to exclusions”

Hi @Johny, 

Yes, Kaspersky Free protects against network attacks.

See more here. 

Regards,

Igor

[Flood and Flood's wife]

Hello @Igor Kurzin, 

Good, thank you for taking the time to share the clarification. It will help everybody. 

Thank you🙏

Flood+1🐳

Disclaimer, we have no association with Kaspersky. 

[Johny]

Hello again

Thank you for the reply

I just need an explanation couse:
“Please check the reports via More Tools → Reports → select Network Attack Blocker on the left site → check that attacks have this string: “Detected object is added to exclusions”

I don’t have that “string” you are talking about

I know it’s in diffrent language but there is nothing more to see here,this is the detailed reports page,I can only see what you can on the image,nothing more

 

[Flood and Flood's wife]

Hello @Johny, 

1. Change the Report to 24hrs or 7 days, whichever timeframe adequately captures enough of the TCP events for us to look at the data; EXPORT the Report, save as a .txt file, attach📎 to your topic/reply please? 

   Do not worry that the report is not in English, we can work with data in all languages ??

    

2. Check if Kaspersky Security Cloud v21 (free) is available in your region/location, if “yes” please uninstall the existing free software, install  Kaspersky Security Cloud v21 (free)  & recheck the issue? 

@Igor Kurzin, can you engage as well please to answer @Johny’s query? 

Thank you🙏

Flood+1🐳

Disclaimer, we have no association with Kaspersky. 

[Igor Kurzin]

Hi @Johny , 

It looks like an actual attack which has been blocked, so you have nothing to worry about. Kaspersky is doing its job protecting you. 

To verify that it is not a false detection, we would need traces and network logs submitted to technical support via my.kaspersky.com. 

Regards,

Igor

[Flood and Flood's wife]

Hello @Igor Kurzin,

Thank you🙏  

Hello @Johny, 

If Technical Support say they cannot help, because you are using the free Kaspersky software, tell them @Igor Kurzin told you to raise the incident, add the URL/link to this topic in your incident request & please PM the incident reference number to @Igor Kurzin. 

• To raise the incident, follow the template below, for Operating system , fill in your information, don’t copy ours unless it’s the same

 

• After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will communicate with you, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
• Please share the outcome, with the community, when it’s available?

Thank you🙏

Flood+1🐳

Disclaimer, we have no association with Kaspersky. 

[Florian Weber]

Hello, 

I seem to have a similar issue and i cant contact support since the confirmation email is broken and i cant confirm my account (yes i tried send again they dont send a new one but this is not the issue here). My Problem is that i get attack notifications from my own mail adress and they didnt pop up until today and iam getting about 1 every minute i dont know how to fix it since i dont think its and attack.

btw 

nicht bearbeited : not processed

Heute : Today

Netzwerkangriff erkannt: Network attack detected

[Berny]

@Florian Weber Welcome.

Please try with Live Chat here https://support.kaspersky.com/b2c/ 

[Florian Weber]

@Florian Weber Welcome.

Please try with Live Chat here https://support.kaspersky.com/b2c/ 

i dont see an option for live chat support or am i reading ur message wrong

 

[Berny]

@Florian Weber Please see “Choose a communication channel”

[Florian Weber]

@Florian Weber Please see “Choose a communication channel”

I think the link isnt working properly because i couldnt confirm my email

[Berny]

@Florian Weber Did you try “Chat” ?

[Florian Weber]

@Florian Weber Did you try “Chat” ?

there is no option to chat its jsut the normal support page

 

[Flood and Flood's wife]

there is no option to chat its just the normal support page

 

Hello @Florian Weber, 

Also, if this chat is not correct, let us know your location please, we’ll find the right one

 

Thank you🙏

Flood🐳+🐋

 

[Florian Weber]

thank you very much it is the correct one ill try over there