Kaspersky
Products
Support go
Community
Personal Account go
Check a file or link
Kaspersky Club go
Kaspersky Education go
Beta Testing
back back
support
Home Support
Business Support
Virus Fighting
back back
kaspersky club
Россия и СНГ
Global
back back
kaspersky education
Бесплатный образовательный портал
Free educational videocourses
back back
Personal Account
My Kaspersky
KSOS Management Console
CompanyAccount
Question

Intrusion.Win.CVE-2020-1350.b [MOVED]

  • 5 February 2021
  • 6 replies
  • 134 views
D

Hi everyone,

We have just installed the new Kaspersky for Windows Server 11.0.0.480 on our DNS domain controllers, and activated the “Network Threat Protection”.  We have started to receive some messages on the Kaspersky console about “Intrusion.Win.CVE-2020-1350.b”, some workstations seems to do DNS attacks.  We have scanned some of theses workstation with Kaspersky but no detected menaces on the workstations.  I’ve started to believe there is “false positive”.  Is anybody knowes some information about this kind of detection? If these are real menaces, is there a malware installed on theses workstations? 

 

6 replies

MilanBortel
Rank
Userlevel 3
Badge +2

Hi @dmkasp,
it happened to me also. This intrusion has been detected on devices with both KSWS and KES installed. What is funny - it was detected on Windows 10 devices, that obviously doesn’t have any DNS role installed and thus cannot become victims for that attack.. It can only affect Windows Server host with DNS role installed, is that your case?

From my communication with support I took it as false positive. I guess it detects some of our network monitoring tools sending the attacking packets..

Cheers,
Milan

Kaspersky Certified Trainer, Kaspersky Registered Partner, Kaspersky Certified System Engineer
D

Hi, we have Kaspersky on only our servers, so we doesn’t have detection from workstation.

I find the “Network Threat Protection” feature interesting, and now we receive this “false” DNS detection just for our DNS servers, but we don’t want to disable the feature ….

G

it happened to me also.

kaspersky support demanded to send trace data in the exact attack moment but it is so rare...

than i give up.

 

D

and if we want the protection continues for other types of attacks, we can’t avoid the 1350b detections from Kaspersky…  

 

is anyone have a trick for ignoring these false detections?

MilanBortel
Rank
Userlevel 3
Badge +2

Hi @dmkasp,

from what I know, you can only set that “attacker” as an exception in Network Threat Protection component:

Network Threat Protection 

But then the server would not be protected from any possible attack coming from that excluded device :unamused:

 

Cheers,
Milan

Kaspersky Certified Trainer, Kaspersky Registered Partner, Kaspersky Certified System Engineer
J

We have the same situation, but, the dns service restart too,  without  reason.  I think that is not a false  positive 

Reply / Ответить


 Utilities