Network settings for interaction with external services

Kaspersky Security Center uses the following network settings for interacting with external services.

Network settings

Network settings	Address	Description
Port: 443 Protocol: HTTPS	activation-v2.kaspersky.com/activationservice/activationservice.svc	Application activation.
Port: 443 Protocol: HTTPS	https://s00.upd.kaspersky.com https://s01.upd.kaspersky.com https://s02.upd.kaspersky.com https://s03.upd.kaspersky.com https://s04.upd.kaspersky.com https://s05.upd.kaspersky.com https://s06.upd.kaspersky.com https://s07.upd.kaspersky.com https://s08.upd.kaspersky.com https://s09.upd.kaspersky.com https://s10.upd.kaspersky.com https://s11.upd.kaspersky.com https://s12.upd.kaspersky.com https://s13.upd.kaspersky.com https://s14.upd.kaspersky.com https://s15.upd.kaspersky.com https://s16.upd.kaspersky.com https://s17.upd.kaspersky.com https://s18.upd.kaspersky.com https://s19.upd.kaspersky.com https://cm.k.kaspersky-labs.com	Updating Kaspersky databases, software modules, and applications.
Port: 443 Protocol: HTTPS	https://downloads.upd.kaspersky.com	Updating Kaspersky databases, software modules, and applications. Checking if Kaspersky servers are accessible. Before downloading Kaspersky databases and software modules, Kaspersky Security Center checks if Kaspersky servers are accessible. If access to the servers using system DNS is not possible, the application uses public DNS servers.
Port: 80 Protocol: HTTP	http://p00.upd.kaspersky.com http://p01.upd.kaspersky.com http://p02.upd.kaspersky.com http://p03.upd.kaspersky.com http://p04.upd.kaspersky.com http://p05.upd.kaspersky.com http://p06.upd.kaspersky.com http://p07.upd.kaspersky.com http://p08.upd.kaspersky.com http://p09.upd.kaspersky.com http://p10.upd.kaspersky.com http://p11.upd.kaspersky.com http://p12.upd.kaspersky.com http://p13.upd.kaspersky.com http://p14.upd.kaspersky.com http://p15.upd.kaspersky.com http://p16.upd.kaspersky.com http://p17.upd.kaspersky.com http://p18.upd.kaspersky.com http://p19.upd.kaspersky.com http://downloads0.kaspersky-labs.com http://downloads1.kaspersky-labs.com http://downloads2.kaspersky-labs.com http://downloads3.kaspersky-labs.com http://downloads4.kaspersky-labs.com http://downloads5.kaspersky-labs.com http://downloads6.kaspersky-labs.com http://downloads7.kaspersky-labs.com http://downloads8.kaspersky-labs.com http://downloads9.kaspersky-labs.com http://downloads.kaspersky-labs.com http://cm.k.kaspersky-labs.com	Updating Kaspersky databases, software modules, and applications.
Port: 443 Protocol: HTTPS	ds.kaspersky.com	Using Kaspersky Security Network.
Port: 443, 1443 Protocol: HTTPS	ksn-a-stat-geo.kaspersky-labs.com ksn-file-geo.kaspersky-labs.com ksn-verdict-geo.kaspersky-labs.com ksn-url-geo.kaspersky-labs.com ksn-a-p2p-geo.kaspersky-labs.com ksn-info-geo.kaspersky-labs.com ksn-cinfo-geo.kaspersky-labs.com	Using Kaspersky Security Network.
Protocol: HTTPS	click.kaspersky.com redirect.kaspersky.com	Following links from the interface.
Port: 80 Protocol: HTTP	http://crl.kaspersky.com http://ocsp.kaspersky.com	These servers are part of the Public Key Infrastructure (PKI) and are necessary to verify the validity status of the Kaspersky digital signature certificates. The CRL is a list of revoked certificates. The OCSP allows you to request the status of a specific certificate in real time. These servers help to ensure the security of interaction with digital certificates and protect against possible attacks.
Port: 443 Protocol: HTTPS	https://ipm-klca.kaspersky.com	Marketing announcements.

For proper interaction of Kaspersky Security Center with external services, consider the following recommendations:
- Unencrypted network traffic must be allowed on ports 443 and 1443 on the network equipment and proxy server of your organization.
- When Administration Server interacts with Kaspersky update servers and Kaspersky Security Network servers, it is necessary to avoid hijacking network traffic with certificate substitution (MITM attacks).

To download updates through the HTTP or HTTPS protocol by using the klscflag utility:

Run the Windows command prompt by using administrator rights, and then change your current directory to the directory with the klscflag utility. The klscflag utility is located in the folder where Administration Server is installed. The default installation path is <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.
If you want to download updates through the HTTP protocol, run one of the following commands:
- On the device with Administration Server installed:
  klscflag.exe -fset -pv klserver -s Updater -n DisableKLHttps -t d -v 1
- On a distribution point:
  klscflag.exe -fset -pv klnagent -s Updater -n DisableKLHttps -t d -v 1
If you want to download updates through the HTTPS protocol, run one of the following commands:
- On the device with Administration Server installed:
  klscflag.exe -fset -pv klserver -s Updater -n DisableKLHttps -t d -v 0
- On a distribution point:
  klscflag.exe -fset -pv klnagent -s Updater -n DisableKLHttps -t d -v 0

Page top