I have KIS 18.104.22.1688d installed on my Windows 10 x64 1809 desktop, and my router forwards port 22 from the WAN to port 22 on my desktop (I know it's dangerous; I forgot to close the port forwarding after I tested something earlier this year). I have the OpenSSH client/server installed on Windows 10 (the ones provided by Windows), which allows me to SSH into my desktop from outside.
Since then I have noticed that from time to time Windows Defender/Firewall notify me that they have turned themselves on because KIS snoozed, followed by notifications saying they have turned off again because KIS came back alive. I also receive a "KLAVA update failed" error from time to time. Both usually happen once or twice per day. The KLAVA error goes away if I restart my desktop, but after about 2 days I get that error again and KIS restarts itself randomly again.
So last weekend I was curious and checked the Windows event log and discovered tons and tons of failed SSH login attempts. I realized I had port 22 exposed on the WAN, so I closed the port forwarding rule. Since then KIS has not restarted itself randomly, nor have I gotten any KLAVA update errors.
KIS did not warn me about the SSH brute-force attack, though, unlike when I once exposed RDP port 3389 to the WAN and KIS did warn me about RDP brute force on port 3389. I have a strong Windows user account password, so I do think those random attackers never succeeded.
Anyway, because I am no expert and I am really curious: can anyone do a test on Windows 10 x64 1809 with the OpenSSH client/server and KIS 22.214.171.1248d, brute-force port 22 from outside, and see if you can reproduce KIS restarting itself randomly and the KLAVA update error?
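An added example, not part of the original post: one way to triage the kind of failed SSH login noise described above is to group sshd "Failed password" messages by source address and flag bursts inside a sliding time window. The leading ISO timestamp on each line, the sample lines, and the threshold and window values are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd's standard failure message; the leading ISO timestamp is an assumed export format.
FAILED = re.compile(
    r"^(?P<ts>\S+)\s+sshd: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation-range addresses), not taken from the post.
SAMPLE = """\
2019-03-02T10:15:01 sshd: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
2019-03-02T10:15:03 sshd: Failed password for invalid user root from 203.0.113.5 port 51240 ssh2
2019-03-02T10:15:04 sshd: Failed password for invalid user test from 203.0.113.5 port 51251 ssh2
2019-03-02T10:15:09 sshd: Failed password for alice from 198.51.100.7 port 40022 ssh2
2019-03-02T10:15:10 sshd: Failed password for invalid user oracle from 203.0.113.5 port 51263 ssh2
2019-03-02T10:16:30 sshd: Accepted password for alice from 198.51.100.7 port 40031 ssh2
2019-03-02T11:40:00 sshd: Failed password for invalid user admin from 203.0.113.5 port 52001 ssh2
""".splitlines()


def parse_failures(lines):
    """Return {ip: [(timestamp, user), ...]} for failed password events."""
    by_ip = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            by_ip[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["user"]))
    return by_ip


def find_bursts(lines, threshold=4, window_seconds=60):
    """Flag sources with at least `threshold` failures inside any sliding window."""
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, events in parse_failures(lines).items():
        events.sort()
        start, peak = 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"peak": peak, "total": len(events),
                           "users": sorted({u for _, u in events})}
    return flagged
```

Calling `find_bursts(SAMPLE)` flags only the source that cycles through many usernames in a few seconds; the single mistyped password followed by a successful login stays below the threshold.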