annoying intrusion attempt detected alert

asanka
asanka W/ Alumni Posts: 49 Security Scout

Hi All,

 

Does anyone know how to disable this intrusion attempt detected alert?

 


Thanks all

[Attachment: firewall alert.png]

Comments

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

     

    In my experience that alert is caused by the licence-enforcement broadcast traffic sent on the LAN by Kaspersky Lab products, a competing antivirus vendor from Russia.

     

    (Note: that datagram is actually not Microsoft LAN traffic on port 139 but IP traffic category 139, some kind of encrypted identity protocol. Kaspersky takes preventing people from pirating or overusing their software extremely seriously; they employ a lot of tech tricks for enforcement, some of them not so compatible with the rest of the world...)

     

    By the way, the module that catches such traffic and raises the alert on it, the IDS/IPS module, is no longer present in the latest FSAVCS 12.10 product version. F-Secure Corp. says this kind of protection module is no longer relevant in today's threat environment.

     

    Best regards: Tamas Feher, Hungary.
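
The distinction drawn in the reply above, between TCP port 139 and IP protocol number 139, can be checked on a captured packet. The following is an added example, not part of the original thread; it assumes "IP traffic category 139" means the IPv4 header's Protocol field (IANA assigns protocol number 139 to HIP, the Host Identity Protocol), and all addresses and packets are constructed.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_HIP = 6, 17, 139  # IANA IP protocol numbers
NETBIOS_SSN_PORT = 139  # TCP port number: a separate namespace from the above


def classify(packet: bytes) -> str:
    """Report where, if anywhere, the value 139 appears in a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]  # Protocol field of the IPv4 header
    if proto == IPPROTO_HIP:
        return "ip-protocol-139"
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
        if frag_offset:
            return "non-first-fragment"  # carries no transport header to read
        if len(packet) < ihl + 4:
            return "truncated"
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if proto == IPPROTO_TCP and NETBIOS_SSN_PORT in (sport, dport):
            return "tcp-port-139"
    return "other"


def ipv4(proto: int, payload: bytes,
         src: str = "192.0.2.10", dst: str = "192.0.2.255") -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, not verified here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


# Constructed samples (documentation address range, made-up ports).
SAMPLES = {
    "proto139": ipv4(IPPROTO_HIP, b"\x00" * 8),
    "netbios": ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 139) + b"\x00" * 16),
    "https": ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 443) + b"\x00" * 16),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9s} -> {classify(pkt)}")
```
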

  • RobertoSilvaChu
    RobertoSilvaChu W/ Alumni Posts: 33 Junior Protector

    Hi,

     

    In fact the IDS/IPS still exists in the 12.10 version, but it was just removed as an exclusive IPS/IDS module and integrated into DeepGuard Protection as HIPS.

    https://www.f-secure.com/documents/996508/1030745/deepguard_whitepaper.pdf

     

    I believe they removed the IPS/IDS module just because it's getting a lot of false positives (because this module uses an old engine) and the "new" IPS/IDS engine works fine inside the DeepGuard module.

     

    Best Regards,

     

    Roberto Chu

     

     

This discussion has been closed.