Most web resources use encrypted connections. Kaspersky experts recommend that you enable Encrypted connections scan. If encrypted connections scan interferes with work-related activity, you can add a website to exclusions referred to as trusted addresses. If a trusted application uses an encrypted connection, you can disable encrypted connections scan for this application. For example, you can disable encrypted connections scan for cloud storage applications that use two-factor authentication with their own certificate.
To exclude a web address from encrypted connection scans:
Kaspersky Endpoint Security supports the *
character for entering a mask in the domain name.
Kaspersky Endpoint Security does not support masks for IP addresses. You can enter a range of IP addresses in the local application interface (for example, 198.51.100.0/24). You cannot enter a range of IP addresses in the Kaspersky Security Center console.
Examples:
domain.com
– the record is inclusive of the following addresses: https://domain.com
, https://www.domain.com
, https://domain.com/page123
. The record is exclusive of subdomains (for example, subdomain.domain.com
).subdomain.domain.com
– the record is inclusive of the following addresses: https://subdomain.domain.com
, https://subdomain.domain.com/page123
. The record is exclusive of the domain.com
domain.*.domain.com
– the record is inclusive of the following addresses: https://movies.domain.com
, https://images.domain.com/page123
. The record is exclusive of the domain.com
domain.By default, Kaspersky Endpoint Security does not scan encrypted connections when errors occur and adds the website to a special list of Domains with scan errors. Kaspersky Endpoint Security compiles a separate list for each user and does not send data to Kaspersky Security Center. You can enable blocking the connection when a scan error occurs. You can view a list of domains with encrypted connections scan errors only in the local interface of the application.
To view the list of domains with scan errors:
A list of domains with scan errors opens. To reset the list, enable blocking connection when scan errors occur in the policy, apply the policy, then reset the parameter to its initial value and apply the policy again.
Kaspersky specialists make a list of global exceptions — trusted websites that Kaspersky Endpoint Security does not check regardless of the application settings.
To view the global exclusions from encrypted traffic scans:
This opens a list of websites compiled by Kaspersky experts. Kaspersky Endpoint Security does not scan protected connections for websites on the list. The list may be updated when Kaspersky Endpoint Security databases and modules are updated.
Page top