Encrypted connections scan settings

All available values and default values for each setting are described in the table below.

When the encrypted connection scan settings are changed, the application records a NetworkSettingsChanged event in the log file.

Setting	Description	Values

`EncryptedConnectionsScan`	Enables or disables encrypted traffic scan. For the FTP protocol, encrypted connections scan is disabled by default.	`Yes` (default value) — Enable encrypted connection scans. `No` — Disable encrypted connection scans. The application does not decrypt the encrypted traffic.
`EncryptedConnectionsScanErrorAction`	Specifies the action to perform when an encrypted connection scan error occurs on a website.	`AddToAutoExclusions` (default value) — Add the domain where an error occurred to the list of domains with scan errors. The application will not monitor encrypted network traffic when this domain is visited. `Disconnect` — Block the network connection.
`CertificateVerificationPolicy`	Specifies the way Kaspersky Endpoint Security checks certificates. If a certificate is self-signed, the application does not perform the additional verification.	`FullCheck` (default value) — The application uses the Internet to check and download the missing chains that are required to verify a certificate. `LocalCheck` — The application does not use the Internet to verify a certificate.
`UntrustedCertificateAction`	Specifies the action to perform when an encrypted connection scan error occurs on a website.	`Allow` (default value) — Allow network connections established while visiting a domain with an untrusted certificate. `Block` — Block network connections established while visiting a domain with an untrusted certificate.
`ManageExclusions`	Enables or disables the use of the encrypted connection scan exclusions.	`Yes` — Do not scan websites specified in the `[Exclusions.item_#]` section. `No` (default value) — Scan all websites.
`MonitorNetworkPorts`	Specifies the way Kaspersky Endpoint Security monitors network ports.	`Selected` (default value) — Monitor only network ports specified in the `[NetworkPorts.item_#]` section (see below). `All` — Monitor all network ports. Specifying this value may significantly increase an operating system load.
The [Exclusions.item_#] section contains domains excluded from scans. The application does not scan encrypted connections established when visiting specified domains.
`DomainName`	Specifies the domain name. You can use masks to specify the domain.	The default value is not defined.
The [NetworkPorts.item_#] section contains the network ports monitored by the application.
`PortName`	Network port description.	The default value is not defined.
`Port`	Network port numbers to be monitored by the application.	`1` – `65535` The default value is not defined.

Page top