Reputation lists

To restrict the activity of dangerous network nodes, Kaspersky Container Security uses the following reputation sources, which contain resource statuses:

• Local list. The solution gets this list from the Kaspersky reputation databases.
• User-defined list. This list is compiled by the user based on the user's own understanding of resource reputations.

To select the reputation source to be used for the scan:

1. Go to the Policies → Runtime → Container runtime profiles section.
2. Click Reputation sources button above the table of container runtime profiles.
3. In the sidebar, in the Use reputation list section, select a list by clicking the corresponding button. You can select the following options:
   • User-defined source
   • Local source
   • Both lists

   If the custom reputation list is not loaded, reputation sources cannot be selected, and only the local reputation list is used.

   Kaspersky Container Security matches the status of an IP address or domain name of the network resource against the information from the applicable runtime policies.

When checking the reputation, the solution correlates the status of the IP address or domain name from the reputation list with the data obtained by the agent when implementing runtime policies. If the status matches the policy information, the resource is considered verified, and further communication with this IP address or domain name is allowed. If no such match is found, an action is performed in accordance with the selected response mode of the policy.

Kaspersky Container Security has the following reputation statuses for resources:

• Danger means the IP address, DNS server, or domain name of the resource has a bad reputation (for example, malware or phishing is confirmed).
• Warning means the IP address or domain name of the resource has a dubious reputation (for example, checking against anti-virus databases detected Adware)
• Good means the IP address, DNS server, or domain name of the resource has a good reputation.
• No data means the reputation of the IP address, DNS server, or domain name of the resource is unknown.

When checking against the user-defined and local reputation lists, the solution may find that the same resource has different statuses. The final reputation status of such a resource corresponds to the worst of the reputation statuses in the following order of priority: Danger – No data – Warning – Good.

The user-defined reputation list has a higher priority than the local reputation list.

Page top