Configuring the Encrypted Connections Scan feature

The Encrypted Connections Scan feature allows the Web Threat Protection, Web Control, and Cloud Discovery features to control and process encrypted connections (connections over the HTTPS protocol).

You can enable or disable the Encrypted Connections Scan feature. You can also configure the list of trusted domains. Encrypted connections made during visits to those domains are not controlled and processed.

This feature is available only for Kaspersky Endpoint Security for Windows version 11.1 or later.

To enable or disable Encrypted Connections Scan:

  1. Open Kaspersky Endpoint Security Cloud Management Console.
  2. Select the Security managementSecurity profiles section.

    The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

  3. In the list, select the security profile for the devices on which you want to configure Encrypted Connections Scan.
  4. Click the link with the profile name to open the security profile properties window.

    The security profile properties window displays settings available for all devices.

  5. In the Windows group, select the Advanced section.
  6. Click the Settings link below the Threat detection and exclusions section.

    The Threat detection and exclusions window opens.

  7. Do one of the following:
    • To enable Encrypted Connections Scan, set the toggle switch to Encrypted Connections Scan is enabled. Click Save to save the changes.

      The feature is enabled.

    • To disable Encrypted Connections Scan, set the toggle switch to Encrypted Connections Scan is disabled. Click Save to save the changes.

      The feature is disabled.

To configure the list of trusted domains:

  1. Open Kaspersky Endpoint Security Cloud Management Console.
  2. Select the Security managementSecurity profiles section.

    The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

  3. In the list, select the security profile for the devices on which you want to configure the list of trusted domains.
  4. Click the link with the profile name to open the security profile properties window.

    The security profile properties window displays settings available for all devices.

  5. In the Windows group, select the Advanced section.
  6. Click the Settings link below the Threat detection and exclusions section.

    The Threat detection and exclusions window opens.

  7. Click the Settings link below the Encrypted Connections Scan is enabled toggle switch.

    The Encrypted Connections Scan page opens.

  8. Do any of the following:
    • To add a trusted domain:
      1. Click the Add button.
      2. In the New record window that opens, specify the required domain name. You can use the asterisk (*) as a mask (for example, *.example.com).
      3. Click OK to close the New record window.

      If you add a domain that is accessed via the SSL or TLS protocol, and if the respective option under Block SSL/TLS connections is enabled, the connection will be blocked.

    • To edit an added trusted domain:
      1. Select the check box next to the required domain.
      2. Click the Edit button.
      3. In the New record window that opens, edit the domain name as required.
      4. Click OK to close the New record window.
    • To delete a trusted domain that was added:
      1. Select the check box next to the required domain.
      2. Click the Delete button.
  9. Click Save to save the changes.

The list of trusted domains is updated.

Page top