I am on Version 9.5 (have not upgraded to SP1)
When I log into any computer and open up Kaspersky and view the reports I see alarm events for each day.
Event name: Network attack detected
Event Component: Network Attack Blocker
Result: Blocked: Scan.Generic.TCP
Object: TCP from 10.1.3.48 to local port 8008
The IP shown above is for my Core Server.
Note that the port attacks vary each day and have included ports: 7070, 5000, 389, 13 and others
I have attached a snapshot from one of my machines.
Any ideas on what I should do?
Do you have a regular UDD scan enabled for the subnets containiing these devices? If so, do you have OS Fingerprinting enabled in the configuration? The ports you list aren't any standard LANDesk ports but during the fingerprinting tests many ports will be checked by the nmap process. Perhaps it is that detection routine that is causing this?
MarXtar Ltd/MarXtar Corporation
LANDesk Expert Solution Provider
The One-Stop Shop for LANDesk Enhancements
Update - New Stand-Alone State Notifier Console for Service Desk Operators
Update - State Notifier now detects machine and user Idle states
Update - WoW & State Notifier now integrate for even more functionality
I have a daily scan for unmanaged devices. T
The items had a checkmark:
Discover devices using a standard network scan
IP OS Fingerprinting
I unchecked IP OS Fingerprinting. I'll see what happens over the next couple days and report back.
I think that did it.