Kaspersky
Solved

Bruteforce.Generic attack on MSSQL server

  • 11 September 2019
  • 4 replies
  • 186 views

Hi everybody,
I would ask your help to solve my problem with Kaspersky Small Office Security 6. The antivirus is installed on our server Windows Server 2016, no any update was done in last months. Our server is networked in internal LAN.
By desktop computers everyday we use accounting software that comunicate with database Microsft SQL Server installed on server. In addition we connect to server also using native Windows remote desktop service. In this way we can use two different instance of accounting software at same time. This procedure is approved by software producer.
For a few days, just for a unique desktop computer, Kaspersky is blocking connection because it's detecting intrusion prevention on port 1433. Server logs reports that intrusion prevention is blocked on MSSQL server port due "bruteforce attack".
I tried to allow TCP connection to port 1433 for all LAN IP addresses but I haven't solved my problem. I also tried to open all server ports to allow all internal LAN traffic, but nothing changed.
How can I solve this problem? How can I add exclusion to Kaspersy intrusion? I can't find any button in this section.

P.S. Software updates is disabled for server and for all desktop client. The software configurations was not changed from months.

Thank you for your support!
Best regards

icon

Best answer by Caos 11 September 2019, 10:23

View original

4 replies

Userlevel 7
Badge +6
Hi,

Please create a request to https://companyaccount.kaspersky.com/

Review: https://community.kaspersky.com/kaspersky-corporate-products-27/bruteforce-generic-mssql-b-3259

Regards
Ok, I will do.
Thank you!
Userlevel 7
Badge +6
Hi,

You´re welcome.

Regards
Userlevel 5
Badge
Hi, most likely this is a false detection, that will be fixed with an update next week. Sorry about the incoveniences.

Reply / Ответить