The Traffic Security component processes web traffic (including traffic received via mail services) and intercepts and scans objects transferred through web traffic in order to detect known computer and other threats on the protected device. The ICAP service scans incoming traffic for threats and blocks or allows traffic depending on the scan results and configured scan settings.
Kaspersky Security for Windows Server also detects and intercepts traffic requested by any processes running under Windows Subsystem for Linux. For such processes, the Traffic Security task applies the action defined by the current task configuration.
The Traffic Security component is installed by default.
The component provides the following types of protection:
- Mail threat protection:
  - Anti-phishing
  - Protection against mail-based malware
- Web threat protection:
  - Anti-phishing
  - Malicious URL scan
  - Protection against web-based malware
- Web Control:
  - URL control
  - Certificate control
  - Category-based web control
We highly recommend that you use KSN services when starting the Traffic Security task in order to enhance threat detection. KSN cloud databases contain more recent information about web threats than local anti-virus databases. Several web control categories are analyzed purely based on conclusions received from KSN services.
Traffic Security modes
Traffic Security can operate in the following modes:
Driver Interceptor. The application uses a network kernel driver to intercept and analyze all incoming traffic for the specified ports.
Redirector. The application acts as a proxy server: it processes requests coming from the user's web browser and redirects the received traffic to an internal ICAP server. This mode requires additional configuration of the web browser: the address and port for the proxy server connection must be specified.
External Proxy. The application processes traffic from an external proxy server. The traffic is transferred from the external proxy server to Kaspersky Security for Windows Server. The application analyzes the traffic and recommends an action to the external proxy. Kaspersky Security for Windows Server is only compatible with proxies that transfer traffic via the ICAP protocol.
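In External Proxy mode the proxy and the scanner talk ICAP (RFC 3507). The following added example, which is not code from the product or its documentation, frames an HTTP response as an ICAP RESPMOD message and reads the scanner's reply. The host `icap.example:1344`, the service path `respmod` and all sample messages are constructed placeholders, and the reply handling follows generic ICAP semantics rather than any product-specific behavior.

```python
# Added example: ICAP (RFC 3507) RESPMOD framing. Host, port and service path
# are hypothetical placeholders, not values from the product.
CRLF = b"\r\n"

def build_respmod(host, service, req_hdr, res_hdr, body=b""):
    """Wrap an HTTP request/response pair in an ICAP RESPMOD message."""
    # Encapsulated values are byte offsets from the start of the ICAP body.
    body_tag = b"res-body" if body else b"null-body"
    encapsulated = b"req-hdr=0, res-hdr=%d, %s=%d" % (
        len(req_hdr), body_tag, len(req_hdr) + len(res_hdr))
    icap_hdr = CRLF.join([
        b"RESPMOD icap://%s/%s ICAP/1.0" % (host, service),
        b"Host: " + host,
        b"Allow: 204",  # permits a bodiless 204 reply for unmodified traffic
        b"Encapsulated: " + encapsulated,
        b"", b""])
    # The HTTP body is sent chunked and closed by a zero-length chunk.
    chunks = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body) if body else b""
    return icap_hdr + req_hdr + res_hdr + chunks

def parse_verdict(raw):
    """Return (ICAP status, embedded HTTP status or None) for an ICAP reply."""
    head, _, rest = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    status = int(lines[0].split()[1])
    enc = next((l.split(b":", 1)[1] for l in lines[1:]
                if l.lower().startswith(b"encapsulated:")), b"")
    offsets = dict(p.strip().split(b"=", 1) for p in enc.split(b",") if b"=" in p)
    if status == 204 or b"res-hdr" not in offsets:
        return status, None  # 204: forward the original response unchanged
    http_line = rest[int(offsets[b"res-hdr"]):].split(CRLF, 1)[0]
    return status, int(http_line.split()[1])  # status of the adapted response

# Constructed sample data (not captured from a real server).
REQ = b"GET /file.bin HTTP/1.1\r\nHost: origin.example\r\n\r\n"
RES = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
CLEAN = b"ICAP/1.0 204 No Content\r\nISTag: \"constructed\"\r\n\r\n"
BLOCK_HTTP = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 7\r\n\r\n"
BLOCKED = (b"ICAP/1.0 200 OK\r\nEncapsulated: res-hdr=0, res-body=%d\r\n\r\n"
           % len(BLOCK_HTTP)) + BLOCK_HTTP + b"7\r\nblocked\r\n0\r\n\r\n"

if __name__ == "__main__":
    msg = build_respmod(b"icap.example:1344", b"respmod", REQ, RES, b"sample-body")
    print(msg.decode())
    print(parse_verdict(CLEAN), parse_verdict(BLOCKED))
```

A wrong `Encapsulated` offset is a common reason an ICAP server rejects or misreads a message, so the offsets are computed from the actual header lengths rather than hard-coded.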