Network Attack Protection enables the software to detect and prevent these attacks in the early stages:
- DCShadow: Allows a hacker with compromised, privileged credentials to register a rogue domain controller. The adversary can then push any changes they like via replication, including changes that grant them elevated rights and create persistence.
- EternalBlue: Exploits the CVE-2017-0144 vulnerability in the Microsoft implementation of the Server Message Block (SMB) Protocol. Windows machines not patched against this vulnerability can allow illegitimate data packets with malware such as a trojan or ransomware (for example, WannaCry ransomware attack).
- BlueKeep: Exploits the CVE-2019-0708 vulnerability on Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista, and Windows XP devices. The threat has the potential to devastate networks as it can spread between computers as a worm.
- ZeroLogon: Exploits the CVE-2020-1472 vulnerability in the cryptography of Microsoft's Netlogon process to allow an attack against Microsoft Active Directory domain controllers. ZeroLogon makes it possible for a hacker to impersonate any computer, including the root domain controller.
If needed, you can exclude the detection of a specific network attack on all computers in the account. When you exclude a network attack, your computers are still protected from the remaining network attacks in the list.
To add an exclusion, next to the network attack Action, click the tooltip. In the pop-up that opens, click Do not detect again. In the dialog box that opens, you can enter specific IP addresses for the devices you want to exclude from detection.
