In the main window of the Kaspersky Security Center Web Console, select Devices → Policies & profiles.
Click the policy name you want to configure.
In the <Policy name> window that opens, select the Application settings tab.
Select the Supplementary section.
In the Trusted Zone section, click Settings.
A Trusted Zone window opens on the Exclusions tab.
Select the Certificate monitoring tab.
Select the Enable certificate monitoring check box if you want the application to apply certificate monitoring rules.
Specify the value of the Notify about the expiration of the certificate (1 - 99 days) in advance setting if you want the application to publish an event about the approaching certificate expiration date in the system audit log the specified number of days before expiry. The default is 30 days.
The application publishes an event about the approaching certificate expiration date once before restarting the application or the protected device. The application does not publish an event when the software signed with a certificate with an approaching expiration date is started again, if the application or the protected devices have not been restarted.
Kaspersky Embedded Systems Security for Windows applies the new certificate monitoring settings immediately. Information about the date and time when the settings were modified, and the values of the certificate monitoring settings before and after modification are saved to the system audit log.