The Intrusion attempt blocked dialog warns the user that Kerio Personal Firewall detected a host intrusion attempt and blocked it.
Note: How Kerio Personal Firewall behaves when it detects these intrusions can be configured as described in chapter 12. Host Intrusion Prevention System (HIPS). The Intrusion attempt blocked dialog is displayed when there is no corresponding exception defined for the applications involved or if the Do not display warnings for these event types option is disabled (see chapter 12. Host Intrusion Prevention System (HIPS)).
At the top of the dialog window, a description of the detected event is provided, including the recommended response.
The light-blue strip indicates that an attempt to intrude into the host system has been detected. The following intrusion types can be detected:
Buffer overflow — for more information on this intrusion type, see chapter 12. Host Intrusion Prevention System (HIPS).
Code injection — this intrusion type is described in chapter 12. Host Intrusion Prevention System (HIPS).
Right below the event name, paths to the target and injector applications as well as corresponding icons can be found (see figure 5.16. Code injection detected — Icons and intrusion description). If the application does not use any icon, the standard system icon for executable files is used.
For Buffer overflow events, only the process in which the intrusion was detected is shown (see figure 5.17. Buffer overflow detected — Icon and intrusion description).
The Allow technical details to be transmitted to Kerio option, which is enabled by default, allows Kerio developers to use information about intrusions to improve the detection system. Only the contents of the warning dialog will be sent to Kerio Technologies.
Use this button to close the warning dialog. It is recommended to check intrusion details in the HIPS log (see chapter 16.6. HIPS Log) upon closing the dialog.
The Details section provides detailed information about both the attacked and the attacking application (only the process in case of Buffer overflow) — full path to their executable files, application description, version number, etc.