Jump to content
Kaspersky Support Forum

suspicious network activity reported by KES

MrPotatohead

By MrPotatohead
in Kaspersky Endpoint Security for Business

 Share

Recommended Posts

MrPotatohead

MrPotatohead

Posted
Posted

Hi there,

 

Can someone please explain what is happening here? Why is KES reporting this?  Is KES trying to connect to the mailserver and reporting itself to be suspuscious?

 

Event: Suspicious network activity detected
Application name: Kaspersky Endpoint Security
Application path: C:\Program Files (x86)\Kaspersky Lab\KES.12.2.0
User name: <Domain\user>
User type: Active user
Component: Protection
Event date: Today, 23-11-2023 08:39:37
Target server: <mailserver>
Account name: <Domain\user>
Number of attempts: 30
Interval (minutes): 2
Previous attempt: Today, 23-11-2023 08:24:37
Current attempt: Today, 23-11-2023 08:39:37

THask

THask

Posted
Posted

Hi Mr. Potatohead,

that Event is only meaning that KES named with Path to AVP.exe has detected a Suspicious network activity.

Could be a Mail what was downloaded or could be a connection to the Mail Server.

Sometimes it is only a false positive Detection.

But you can additional have a look on the Mail Server what happend on the Timestamp.

 

 

  • 2 weeks later...
muhammad.moin

muhammad.moin

Posted
Posted

Hello!

I also get this on some of my servers and don't know how to tackle it. What is the reason behind this? Is there anyone there who can help me out?

@MrPotatohead do you find any solution or option for this notification?

@THask Kindly share your suggestion and views regarding this please.

Arian.Mohammad

Arian.Mohammad

Posted
Posted

Hello, which component exactly detects that? Network threat protection?

do you have any EDR solution available? optimum, expert?

on the KES local interface, you can see Application Network Activity, Which process tried to connect to your server in the period of incident detection time?

  • Thanks 1
muhammad.moin

muhammad.moin

Posted
Posted
On 12/11/2023 at 5:17 PM, Arian.Mohammad said:

Hello, which component exactly detects that? Network threat protection?

do you have any EDR solution available? optimum, expert?

on the KES local interface, you can see Application Network Activity, Which process tried to connect to your server in the period of incident detection time?

Hello @Arian.Mohammad

We are using only KESB for Windows and Linux.

I am not clear about which process tries to connect to server.

JL - KL DACH

JL - KL DACH

Posted
Posted

Hello All,

please provide more details, the Event itself or Screenshots of what you are exactly mean.

The KES Event might be different than originally posted.

If you are unsure or not able to provide such information here open a new ticket with Kaspersky Support team to check into.

Thank you in advance

Best Regards

 

  • Thanks 1

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...