Network settings

Settings

Description

Limit traffic on metered connections

If this check box is selected, the application limits its own network traffic when the Internet connection is limited. Kaspersky Internet Security identifies a high-speed mobile Internet connection as a limited connection and identifies a Wi-Fi connection as an unlimited connection.

Cost-Aware Networking works on computers running Windows 8 or higher.

Inject script into web traffic to interact with web pages

If the check box is selected, Kaspersky Internet Security injects a web page interaction script into web traffic. This script ensures the operation of such components as Safe Money, Private Browsing, Anti-Banner, and URL Advisor.

Support DNS over HTTPS (DoH)

If the check box is selected, the application correctly processes DNS data transmitted over HTTPS.

We do not recommend clearing this check box.

Manage DoH servers

The link opens a window where you can manually add a DoH server through which DNS data will be transferred in a browser. Here you can read about DNS over HTTPS (DoH) and how to add a DoH server.

Monitored ports

Monitor all network ports. In this port monitoring mode, Mail Anti-Virus, Anti-Spam, and Web Anti-Virus monitor all open ports of your computer.

Monitor selected network ports only. In this port monitoring mode, Mail Anti-Virus, Anti-Spam, and Web Anti-Virus monitor the selected ports of your computer. You can specify the monitored network ports in the Network ports window, which can be opened by clicking the Select link. You can also specify the particular applications where monitoring of all the network ports used by these applications should be enabled:

  • Monitor all ports for the applications from the list recommended by Kaspersky. The list of these applications is specified by default and included in the software package for Kaspersky Internet Security.

    If this check box is selected, Kaspersky Internet Security monitors all ports for the following applications:

    • Adobe Reader.
    • Apple Application Support.
    • Google Chrome.
    • Microsoft Edge.
    • Mozilla Firefox.
    • Internet Explorer.
    • Java.
    • mIRC.
    • Opera.
    • Pidgin.
    • Safari.
    • Mail.ru Agent.
    • Yandex Browser.
  • Monitor all ports for specified applications. You can specify the applications in the Applications window, which can be opened by clicking the Select link.

Network ports

A list of ports that are normally used for transferring email and web traffic is included in the Kaspersky Internet Security distribution kit. By default, Kaspersky Internet Security monitors traffic passing through all ports from this list. You can add ports to the list or delete them from the list.

If the Active value is set in the port line in the Status column, Kaspersky Internet Security monitors the traffic passing through this port. If the Inactive value is set in the port line in the Status column, Kaspersky Internet Security excludes this port from scans, but does not remove it from the list of ports. You can change the status and other port settings in the window by clicking the Edit button.

Encrypted connections scan

You can select one of the following modes for scanning encrypted connections over SSL:

  • Do not scan encrypted connections.
  • Scan encrypted connections upon request from protection components.
  • Always scan encrypted connections.

    If the Scan encrypted connections upon request from protection components option is selected, Kaspersky Internet Security uses the installed Kaspersky certificate to verify the security of SSL connections if this is required by the Web Anti-Virus and URL Advisor protection components. If these components are disabled, Kaspersky Internet Security does not verify the security of SSL connections.

    After Kaspersky Internet Security verifies an SSL connection, the certificates of websites may not display the name of the organization under which the website is registered.

    If you do not want the application to verify an SSL connection with a website, you can add the website to the list of exclusions by clicking the Manage exclusions link.

When encrypted connection scan errors occur

In the drop-down list, you can select the action that the application will perform if a secure connections scan error occurs on a website.

  • Ignore. The application terminates the connection with the website on which the scan error occurred.
  • Ask. The application shows you a notification with a prompt to add a website address to the list of websites on which scan errors occurred. The website address will be checked against the database of malicious objects.
  • Add domain to exclusions. The application adds the website address to the list of websites on which scan errors occurred. The website address will be checked against the database of malicious objects.

Domains with scan errors

List of domains that could not be scanned due to errors when connecting to them. The addresses of the domains were checked against the database of malicious objects.

Manage exclusions

Click this link to open the Exclusions window, which contains a list of websites that you added as an exclusion for the Web Anti-Virus and URL Advisor components.

Trusted applications

List of applications whose activity is not monitored by Kaspersky Internet Security during its operation. You can select the types of application activity that Kaspersky Internet Security will not monitor (for example, do not scan network traffic). Kaspersky Internet Security supports environment variables, and the * and ? masks.

Block connections over SSL 2.0 protocol (recommended)

If the check box is selected, Kaspersky Internet Security blocks network connections established over the SSL 2.0 protocol.

If the check box is cleared, Kaspersky Internet Security does not block network connections established over the SSL 2.0 protocol and does not monitor network traffic transmitted over these connections.

Decrypt encrypted connections with websites that use EV certificates

EV certificates (Extended Validation Certificates) confirm the authenticity of websites and enhance the security of the connection. Browsers use a lock icon in their address bar to indicate that a website has an EV certificate. Browsers may also fully or partially color the address bar in green.

If the check box is selected, Kaspersky Internet Security decrypts and monitors encrypted connections with websites that use an EV certificate.

If the check box is cleared, Kaspersky Internet Security does not have access to the contents of HTTPS traffic. For this reason, the application monitors HTTPS traffic only based on the website address, for example, https://bing.com.

If you are opening a website with an EV certificate for the first time, the encrypted connection will be decrypted regardless of whether or not the check box is selected.

Proxy server settings

Settings of the proxy server used for Internet access of users of client computers. Kaspersky Internet Security uses these settings for certain protection components, including for updating databases and application modules.

For automatic configuration of a proxy server, Kaspersky Internet Security uses the WPAD protocol (Web Proxy Auto-Discovery Protocol). If the IP address of the proxy server cannot be determined by using this protocol, Kaspersky Internet Security uses the proxy server address that is specified in the Microsoft Internet Explorer browser settings.

Scan secure traffic in Mozilla applications

If this check box is selected, Kaspersky Internet Security scans encrypted traffic in the Mozilla Firefox browser and Thunderbird mail client. Access to some websites via the HTTPS protocol may be blocked.

Kaspersky Internet Security uses the Kaspersky root certificate to decrypt and analyze encrypted traffic. You can select the certificate store that will contain the Kaspersky root certificate.

  • Use Windows certificate store. The Kaspersky root certificate is added to this store during installation of Kaspersky Internet Security.
  • Use Mozilla certificate store. Mozilla Firefox and Thunderbird use their own certificate stores. If the Mozilla certificate store is selected, you need to manually add the Kaspersky root certificate to this store through the browser properties.

Page top