for Windows, macOS, and Linux
You can configure the proxy server used for connecting to the internet, select the network port monitoring mode, and set up an encrypted connections scan.
Network settings
|
Settings |
OS |
Description |
|---|---|---|
|
Trusted root certificates |
|
List of trusted root certificates. Kaspersky Endpoint Security lets you install trusted root certificates on user computers if, for example, you need to deploy a new certification center. The application lets you add a certificate to a special Kaspersky Endpoint Security certificate store. In this case, the certificate is considered trusted only for the Kaspersky Endpoint Security application. In other words, the user can gain access to a website with the new certificate in the browser. If another application tries to gain access to the website, you can get a connection error because of a certificate issue. To add to the system certificate store, you can use Active Directory group policies. |
|
Proxy server |
|
Settings of the proxy server used for internet access of users of client computers. Kaspersky Endpoint Security uses these settings for certain protection components, including for updating databases and application modules. |
|
Use proxy server authentication |
|
If this check box is selected, the application uses authentication with a user name and password when connecting to the proxy server.
|
|
Bypass a proxy server for local addresses |
|
If the check box is selected, Kaspersky Endpoint Security does not use a proxy server when performing an update from a shared folder. |
|
Do not use proxy server for components |
|
Select the check boxes next to those application components that you do not want to use the proxy server:
|
|
Do not use proxy server for the specified IP addresses and DNS names |
|
The table contains a list of IP addresses and DNS names for which the proxy server must not be used. You can use wildcards (the You can add, edit, or delete addresses in the table. |
|
Encrypted Connections Scan |
|
This feature allows the Web Threat Protection, Mail Threat Protection, Web Control, and Cloud Discovery components to monitor and handle encrypted (HTTPS) connections.
|
|
Trusted domains |
|
This uses a list of web addresses for which Kaspersky Endpoint Security does not scan network connections. In this case, Kaspersky Endpoint Security does not scan the HTTPS traffic of trusted web addresses when the Web Threat Protection, Mail Threat Protection, and Web Control components are doing their work. You can enter a domain name or an IP address. Kaspersky Endpoint Security supports the |
|
Limit traffic on a metered connection |
|
If this check box is selected, the application limits its own network traffic when the Internet connection is limited. Kaspersky Endpoint Security identifies a high-speed mobile Internet connection as a limited connection and identifies a Wi-Fi connection as an unlimited connection. Cost-Aware Networking works on computers running Windows 8 or later. |
|
Inject script into web traffic to interact with web pages |
|
If the check box is selected, Kaspersky Endpoint Security injects a web page interaction script into web traffic. This script ensures that the Web Control component can work correctly. The script enables registration of Web Control events. Kaspersky experts recommend injecting this web page interaction script into traffic to ensure correct operation of Web Control. |
|
Check encrypted connections with websites that use EV certificates |
|
EV certificates (Extended Validation Certificate) confirm the authenticity of websites and enhance the security of the connection. Browsers use a lock icon in their address bar to indicate that a website has an EV certificate. Browsers may also fully or partially color the address bar in green. If this toggle switch is enabled, the application decrypts and monitors encrypted connections with websites that use an EV certificate. If the toggle button is switched off, the application does not have access to the contents of HTTPS traffic. For this reason, the application monitors HTTPS traffic only based on the website address, for example, If you are opening a website with an EV certificate for the first time, the encrypted connection will be decrypted regardless of whether or not the check box is selected. |
|
Block SSL 2.0 connections |
|
If the check box is selected, the application monitors and blocks network connections established over the SSL 2.0 protocol. If the check box is cleared, the application does not block network connections established over the SSL 2.0 protocol. However, the application does not monitor network traffic over this protocol. |
|
Block TLS 1.0 connections |
|
If the check box is selected, the application blocks network connections established over the TLS 1.0 protocol. If the check box is cleared, the application does not block network connections established over the TLS 1.0 protocol. The application monitors network traffic over this protocol. All components of the application work without restrictions. |
|
Block SSL 3.0 connections |
|
If the check box is selected, the application blocks network connections established over the SSL 3.0 protocol. If the check box is cleared, the application does not block network connections established over the SSL 3.0 protocol. The application monitors network traffic over this protocol. All components of the application work without restrictions. |
|
Monitored ports |
|
Monitor all network ports. In this network port monitoring mode, the protection components (File Threat Protection, Web Threat Protection, and Mail Threat Protection) monitor data streams that are transmitted via any open network ports of the computer. Monitor selected network ports only. In this network port monitoring mode, the protection components monitor the selected ports of the computer and the network activity of the selected applications. The list of network ports that are normally used for transmission of email and network traffic is configured according to the recommendations of Kaspersky experts. |
|
Select the certificate store for Firefox to use |
|
System Roots keychain (recommended). If you select this option, Kaspersky Endpoint Security uses a root certificate from the System Roots keyring to scan encrypted HTTPS traffic in the Mozilla Firefox browser. This option is selected by default. Certificate store from Mozilla Firefox browser settings. If this option is selected, Kaspersky Endpoint Security uses the certificate from the browser's certificate store. In this case, you need to manually add the Kaspersky Endpoint Security certificate to the certificate store of Mozilla Firefox. For more information, see the article on How to add the Kaspersky certificate to the Mozilla Firefox certificate store. |
|
Traffic interception mode |
|
iptables. Network traffic scanning mode in which Kaspersky Endpoint Security filters and processes network packets on the Netfilter subsystem. eBPF. Network traffic scanning mode in which Kaspersky Endpoint Security intercepts and processes network packets at the kernel level. Requires a modern kernel with eBPF support. |