Kaspersky

network attack

  • 19 July 2021
  • 1 reply
  • 38 views

Hi Team I have in the Kaspersky Report the alert of “ Scan.Generic.PortScan.UDP    192.168.1.221:7    worm”  and I would like to know if it’s real attack or if is it an error or false positive ?

Kaspersky Version for server is 10.1.2.996

Thanks

 


1 reply

Userlevel 5
Badge +3

Dear user,

Thanks for your post. From admin perspective, you should take a look of timestamp for that event and check internally with other colleagues if someone used a Port Scan application like NMAP, WireShark or any other. 

Check the field “Attacking computer IP”. If there is an internal address, this could be an FP.  

Reply