Proxy server settings

Settings of the proxy server used for Internet access of users of client computers. Kaspersky Endpoint Security uses these settings for certain protection components, including for updating databases and application modules.

For automatic configuration of a proxy server, Kaspersky Endpoint Security uses the WPAD protocol (Web Proxy Auto-Discovery Protocol). If the IP address of the proxy server cannot be determined by using this protocol, Kaspersky Endpoint Security uses the proxy server address that is specified in Microsoft Internet Explorer.

Bypass proxy server for local addresses

If the check box is selected, Kaspersky Endpoint Security does not use a proxy server when performing an update from a shared folder.

Monitored ports

• Monitor all network ports. In this network port monitoring mode, the protection components (File Threat Protection, Web Threat Protection, Mail Threat Protection) monitor data streams that are transmitted via any open network ports of the computer.
• Monitor selected ports only. In this network port monitoring mode, the protection components monitor only user-specified network ports of the computer. A list of network ports that are normally used for transmission of email and network traffic is included in the application distribution kit.

Scan encrypted connections

If the check box is selected, the Web Threat Protection, Mail Threat Protection, and Web Control components scan encrypted traffic that is transmitted over the following protocols:

• SSL 3.0.
• TLS 1.0 / TLS 1.1 / TLS 1.2.

Kaspersky Endpoint Security does not scan encrypted connections that are established by applications if the Do not scan network traffic check box is selected for those applications in the Scan exclusions for application window.

When visiting a domain with an untrusted certificate

• Allow If this item is selected, when visiting a domain with an untrusted certificate, Kaspersky Endpoint Security allows the network connection.

When opening a domain with an untrusted certificate in a browser, Kaspersky Endpoint Security displays an HTML page showing a warning and the reason why visiting that domain is not recommended. A user can click the link from the HTML warning page to obtain access to the requested web resource. After following this link, during the next hour Kaspersky Endpoint Security will not display warnings about an untrusted certificate when visiting other resources on this same domain.

• Block. If this item is selected, when visiting a domain with an untrusted certificate, Kaspersky Endpoint Security blocks the network connection established when visiting this domain.

When opening a domain with an untrusted certificate in a browser, Kaspersky Endpoint Security displays an HTML page showing the reason why that domain is blocked.

When secure connection scan errors occur

• Break connection. If this item is selected, when an encrypted connection scan error occurs, Kaspersky Endpoint Security blocks the network connection.

When Break connection is selected, Kaspersky Endpoint Security deletes all exclusions that are listed in the Domains with scan errors window.

• Add domain to exclusions. If this item is selected, when an encrypted connection scan error occurs, Kaspersky Endpoint Security adds the domain that resulted in the error to the list of domains with scan errors and does not monitor encrypted network traffic when this domain is visited.

Block SSL 2.0 connections

If the check box is selected, Kaspersky Endpoint Security blocks network connections established over the SSL 2.0 protocol.

If the check box is cleared, Kaspersky Endpoint Security does not block network connections established over the SSL 2.0 protocol and does not monitor network traffic transmitted over these connections.

Decrypt secure connection with EV certificate

If the check box is selected, Kaspersky Endpoint Security decrypts and monitors network traffic transmitted over encrypted connections that are established in the browser using an Extended Validation Certificate (EV).

Trusted domains

List of domains for which Kaspersky Endpoint Security does not scan encrypted network connections.

Trusted applications

List of applications whose activity is not monitored by Kaspersky Endpoint Security during its operation.