Excluding encrypted connections from scanning

Most web resources use encrypted connections. Kaspersky experts recommend that you enable Encrypted connections scan. Is scanning encrypted connections interferes with work-related activity, you can add a website to exclusions referred to as trusted addresses. If a trusted application uses an encrypted connection, you can disable encrypted connections scan for this application. For example, you can disable encrypted connections scan for cloud storage applications that use two-factor authentication with their own certificate.

To exclude a web address from encrypted connection scans:

1. In the lower part of the main application window, click the button.
2. In the application settings window, select Network settings.
3. In the Encrypted connections scan section, click the Trusted addresses button.
4. Click the Add button.
5. Enter a domain name or an IP address if you do not want Kaspersky Endpoint Security to scan encrypted connections established when visiting that domain.

Kaspersky Endpoint Security supports the * character when entering a domain name mask.

Kaspersky Endpoint Security does not support masks for IP addresses.

Examples:

• domain.com – this entry includes the following addresses: https://domain.com, https://www.domain.com, https://domain.com/page123. This entry excludes subdomains (for example, subdomain.domain.com).
• subdomain.domain.com – this entry includes the following addresses: https://subdomain.domain.com, https://subdomain.domain.com/page123. The entry excludes the domain domain.com.
• *.domain.com – this entry includes the following addresses: https://movies.domain.com, https://images.domain.com/page123. The entry excludes the domain domain.com.
6. Save your changes.

By default, Kaspersky Endpoint Security does not scan encrypted connections when errors occur and adds the website to a special list of Domains with scan errors. Kaspersky Endpoint Security compiles a separate list for each user and does not send data to Kaspersky Security Center. You can enable blocking the connection when a scan error occurs. You can view a list of domains with encrypted connections scan errors only in the local interface of the application.

Save your changes.

By default, Kaspersky Endpoint Security does not scan encrypted connections when errors occur and adds the website to a special list of Domains with scan errors. Kaspersky Endpoint Security compiles a separate list for each user and does not send data to Kaspersky Security Center. You can enable blocking the connection when a scan error occurs. You can view a list of domains with encrypted connections scan errors only in the local interface of the application.

To view the list of domains with scan errors:

1. In the lower part of the main application window, click the button.
2. In the application settings window, select Network settings.
3. In the Encrypted connections scan section, click the Domains with scan errors button.

A list of domains with scan errors opens. To reset the list, enable blocking connection when scan errors occur in the policy, apply the policy, then reset the parameter to its initial value and apply the policy again.

Kaspersky specialists make a list of global exceptions — trusted websites that Kaspersky Endpoint Security does not check regardless of the application settings.

To view the global exclusions from encrypted traffic scans:

1. In the lower part of the main application window, click the button.
2. In the application settings window, select Network settings.
3. In the Encrypted connections scan section, click the websites link.

This opens a list of websites compiled by Kaspersky experts. Kaspersky Endpoint Security does not scan protected connections for websites on the list. The list may be updated when Kaspersky Endpoint Security databases and modules are updated.

Page top