To configure a trusted connection with Kaspersky Sandbox servers, you must prepare a TLS certificate. Next you must add the certificate to Kaspersky Sandbox servers and the Kaspersky Endpoint Security policy. For details on preparing the certificate and adding the certificate to servers, refer to the Kaspersky Sandbox Help.
You can add a TLS certificate in Web Console or locally using the command line.
To add a TLS certificate in Web Console:
In the main window of the Web Console, select Devices → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Detection and Response → Kaspersky Sandbox.
Click the Server connection settings link.
This opens the Kaspersky Sandbox server connection settings window.
In the Server TLS certificate block, click Add and select the TLS certificate file.
Kaspersky Endpoint Security can only have one TLS certificate for a Kaspersky Sandbox server. If you have added a TLS certificate before, that certificate is revoked. Only the last added certificate is used.
Configure advanced connections settings for Kaspersky Sandbox servers:
Timeout. Connection timeout for Kaspersky Sandbox server. After the configured timeout elapses, Kaspersky Endpoint Security sends a request to the next server. You can increase the connection timeout for Kaspersky Sandbox if your connection speed is low or if the connection is unstable. The recommended request timeout is 0.5 seconds or less.
Sandbox request queue. Size of the request queue folder. When an object is accessed on the computer (executable launched or document opened, for example in DOCX or PDF format), Kaspersky Endpoint Security can also send the object to be scanned by Kaspersky Sandbox. If there are multiple requests, Kaspersky Endpoint Security creates a request queue. By default, the size of the request queue folder is limited to 100 MB. After the maximum size is reached, Kaspersky Sandbox stops adding new requests to the queue and sends the corresponding event to Kaspersky Security Center. You can configure the size of the request queue folder depending on your server configuration.
Save your changes.
As a result, Kaspersky Endpoint Security verifies the TLS certificate. If the certificate is successfully verified, Kaspersky Endpoint Security uploads the certificate file to the computer during the next synchronization with Kaspersky Security Center. If you have added two TLS certificates, Kaspersky Sandbox will use the latest certificate to establish a trusted connection.