To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

annoying intrusion attempt detected alert

asanka W/ Alumni Posts: 49 Security Scout

Hi All,


Does anyone know how to disable this intrusion attempt detected alert!


Thanks allfirewall alert.png


  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master



    In my experience that alert is caused by the licence-enforcement broadcast traffic sent on the LAN by Kaspersky Lab products, a competing antivirus vendor from Russia.


    (Note: that datagram is actually not Microsoft LAN traffic on port 139 but IP traffic category 139, some kind of an encrypted identity protocol. Kaspersky takes it extremely seriously to prevent people pirating or overusing their softwares, they employ a lot of tech tricks for enforcement, some of them not so compatible with the rest of the world...)


    By the way, the module that catches such traffic and causes the alert on it, the IDS/IPS module is no longer present in the latest FSAVCS 12.10 product version. F-Secure Corp. says this kind of protection module is no longer relevant in today's threat environment.


    Best regards: Tamas Feher, Hungary.

  • RobertoSilvaChu
    RobertoSilvaChu W/ Alumni Posts: 33 Junior Protector



    In fact the IDS/IPS still exists in the 12.10 version, but its just removed from a IPS/IDS exclusive module and was integrated to DeepGuard Protection as HIPS.


    I belive they removed the IPS/IDS module just because its getting a lot of false positive (because this module uses an old engine) and the "new" IPS/IDS engine works fine inside DeepGuard module.


    Best Regards,


    Ropberto Chu



This discussion has been closed.