Kaspersky PURE Release 2

 
 
 

Encrypted connections scan in Kaspersky PURE R2

Back to "Technical articles"
2012 Aug 31 ID: 5022
 
 
 
 

Applies to Kaspersky PURE R2

Kaspersky PURE R2 can scan network traffic for viruses using the SSL protocol

SSL Protocol (Secure Socket Layer) allows detecting the server authenticity via browser and also provides encrypted “personal” connection channel between user computer and the server. This protocol is widely used both for web-servers and mail servers. Gmail is a vivid example of such mail server. 

SSL connection protects data exchange channel in the Internet. The SSL protocol allows identifying the sides which exchange data based on electronic certificates, encrypts the transferred data and provides data integrity when transferring. 

These protocol peculiarities are often misused by cyber-criminals to spread Malware as most anti-virus products do not check SSL-traffic. 

Kaspersky Lab's experts recommend checking SSL-traffic if you are on a suspicious web-resource and when you navigate to another page data transfer by SSL-connection starts. Most probably a malicious program is being transferred by the encrypted protocol. 

To scan encrypted connection Kaspersky PURE R2 substitutes the required security certificate by the self-signed certificate. 

Sometimes the programs that establish connection, refuse accepting this self-signed certificate and as a result do not establish connection. Kaspersky Lab's experts recommend disable check of SSL-traffic:

  • when connecting to trusted web-resource, for example with the web-page of your bank on which you manage your personal account. In this case it is important to get authenticity confirmation of the bank certificate.
  • if the program which establishes connection checks the certificate of the required web-resource without dialog with the user. For example, the program MSN Messenger when establishing secure connection with the server, checks authenticity of the Microsoft Corporation digital signature.

In order the application scans encrypted connections, it is required to enable encrypted connections scan.

 
 
 
 
Did the provided info help you?
Yes No