Configuring exclusions from Network Threat Protection
In a policy, you can configure network threat protection exclusion rules that Kaspersky Security will use to exclude traffic of specific IP addresses from scans or apply special actions when processing such traffic. You can define exclusion rules for traffic from specific IP addresses or for traffic from all IP addresses in an IP subnet. When generating the scope of rules, the application takes into account whether or not the traffic is from a virtual LAN (VLAN).
If a group of virtual switch ports is running in Virtual Switch Tagging (VST) mode and exclusion rules are applied to traffic of virtual machines associated with this group of ports, the application does not take into account whether or not the traffic belongs to a virtual local area network (VLAN).
To configure a network threat protection exclusion rule:
- In the Kaspersky Security Center Administration Console, open the properties of the policy whose scope includes the relevant virtual machines:
  - In the console tree, select the folder or administration group in which the policy was created.
  - In the workspace, select the Policies tab.
  - Select a policy in the list of policies and double-click the policy to open the Properties: <Policy name> window.
- In the policy properties window, in the Network threat protection section, select the Exclusions from protection subsection.
- Click Add or press INSERT and specify the scope of the exclusion rule in the Scope column.
  The scope of a network threat protection exclusion rule describes the traffic that Kaspersky Security excludes from scanning or the special actions that Kaspersky Security applies when processing such traffic.
  The column can contain one of the following values:
  - <traffic source> novlan. The exclusion rule is applied to traffic from the specified source not marked with a tag of a specific VLAN.
  - <traffic source> vlan <ID>. The exclusion rule is applied to traffic from the specified source marked with a tag of the VLAN with the specified ID.
  - <traffic source> vlan 4095. The exclusion rule is applied to traffic from the specified source marked with a tag of a VLAN with any ID in the range of 1–4095.
  - <traffic source> vlan *. The exclusion rule is applied to traffic from the specified source regardless of whether there is a VLAN tag.
  where:
  - <traffic source> is the IP address of the network device or subnet in IPv4 or IPv6 format, for example: 192.168.0.1, 192.168.0.0/16, fd00::1, fd00::/64
  - <ID> is the VLAN ID, which may take a value in the range of 1–4094.
- Select an exclusion rule in the Rule column.
  This drop-down list lets you select a rule that Kaspersky Security will apply when processing traffic from IP addresses that are included in the exclusion rule scope:
  - Default. When processing traffic from IP addresses that are included in the rule scope, Kaspersky Security applies the action configured in the Intrusion Prevention settings and/or in the web addresses scan settings. This option lets you flexibly configure exclusions for IP subnets. For example, you can define an exclusion rule for traffic of an IP subnet as a whole, while not applying the rule for traffic from specific IP addresses from this IP subnet.
  - Do not scan. Kaspersky Security does not scan traffic from IP addresses that are included in the rule scope. Kaspersky Security does not detect network attacks and suspicious network activity in the traffic of these IP addresses. Kaspersky Security does not scan web addresses requested from these IP addresses.
  - Do not block. Kaspersky Security does not block traffic from IP addresses that are included in the rule scope. If activity typical of network attacks and/or suspicious network activity is detected in the traffic of these IP addresses, Kaspersky Security does not block traffic from these IP addresses, regardless of the configured actions on threat detection. This exclusion rule may be applied if the Terminate connection and block traffic from sender's IP address action is defined in the Intrusion Prevention settings.
    If traffic of IP addresses included in the rule scope had been previously blocked, Kaspersky Security unblocks it after it is excluded from blocking.
  - Ignore. Kaspersky Security detects network attacks and/or suspicious network activity in traffic from IP addresses that are included in the rule scope, but does not take any action on traffic from these IP addresses. Kaspersky Security does not block access to dangerous and unrecommended web addresses requested from these IP addresses, regardless of the configured web address scan settings. This exclusion rule may be applied if the Terminate connection or Terminate connection and block traffic from sender's IP address action is defined in the Intrusion Prevention settings.
- If necessary, use the arrows above the list to change the position of the created exclusion rule in the list. The rule priority is determined by its position in the list. If you set multiple rules for the same scope, the rule positioned higher in the list is applied first.
- In the Properties: <Policy name> window, click OK.
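
For reviewing an exclusion list before it goes into a policy, the following added example (not Kaspersky code) validates the Scope syntax described above and models the position-based priority as first match wins. The names parse_scope, vlan_matches and effective_rule, the sample rules, and the first-match model itself are assumptions made for illustration.

```python
import ipaddress
import re

# Scope syntax from the page: "<traffic source> novlan | vlan <ID> | vlan 4095 | vlan *"
SCOPE_RE = re.compile(r"^(\S+)\s+(?:(novlan)|vlan\s+(\*|\d+))$")

def parse_scope(text):
    """Return (network, vlan_selector); raise ValueError for a malformed scope."""
    m = SCOPE_RE.match(text.strip())
    if not m:
        raise ValueError(f"bad scope syntax: {text!r}")
    source, novlan, vlan = m.groups()
    # strict=False accepts a single host (192.168.0.1) as well as a subnet (fd00::/64)
    net = ipaddress.ip_network(source, strict=False)
    if novlan:
        return net, "novlan"
    if vlan == "*":
        return net, "any"
    vid = int(vlan)
    if vid == 4095:
        return net, "tagged"  # modelled here as: any VLAN tag present
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range 1-4094: {vid}")
    return net, vid

def vlan_matches(selector, tag):
    """tag is None for untagged traffic, otherwise the frame's VLAN ID."""
    if selector in ("novlan", "tagged"):
        return (tag is None) == (selector == "novlan")
    return selector == "any" or tag == selector

def effective_rule(rules, src_ip, tag=None):
    """Assumed model: the first rule in list order whose scope matches applies."""
    addr = ipaddress.ip_address(src_ip)
    for scope, action in rules:
        net, selector = parse_scope(scope)
        if addr in net and vlan_matches(selector, tag):
            return action
    return None  # no exclusion rule covers this traffic

# Constructed sample list: a Default rule placed above a subnet-wide "Do not scan"
# keeps one host under the normal Intrusion Prevention settings.
RULES = [
    ("192.168.0.10 vlan *", "Default"),
    ("192.168.0.0/16 vlan *", "Do not scan"),
    ("fd00::/64 vlan 100", "Ignore"),
    ("10.0.0.0/8 novlan", "Do not block"),
]
```

Swapping the first two sample rules makes effective_rule return Do not scan for 192.168.0.10, which is the ordering mistake to look for when a broad subnet exclusion is meant to have per-host exceptions.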