Exclusions from traffic interception using the tools of the operating system

In Kaspersky Endpoint Security settings, you can configure exclusions from traffic interception by traffic direction, destination IP address and port. If such exclusions are not sufficient to resolve a conflict between the Kaspersky Endpoint Security application and client applications, you can use the special chain of allow rules, kesl_bypass.

The kesl_bypass chain is a special list of rules that Kaspersky Endpoint Security creates in the mangle table of the operating system firewall (iptables/ip6tables). The rules of the kesl_bypass chain make it possible to exclude traffic from interception by Kaspersky Endpoint Security. The kesl_bypass chain is placed at the start of network packet processing, which means that kesl_bypass rules are processed before all other iptables rules.

In contrast to exclusions that you can configure in Kaspersky Endpoint Security settings, the kesl_bypass chain allows configuring exclusions not only by traffic direction, destination IP address and port, but also by other parameters of connections.

The rules in the kesl_bypass chain can be changed by means of the operating system.

For example, you can add a rule to the kesl_bypass chain by running the following command:

iptables -t mangle -I kesl_bypass -m tcp -p tcp --dport http -j ACCEPT

This rule excludes inbound and outbound HTTP traffic on port 80 for any IP address from interception by Kaspersky Endpoint Security. This can help avoid potential conflicts with web services that you trust.

If traffic exclusion rules are configured in the chain, these rules affect the Web Threat Protection, Network Threat Protection, and Web Control components.
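Because every ACCEPT rule in the chain switches off these components for the matching traffic, it is worth reviewing the chain periodically. The following is an added example, not part of the original documentation or the product: a shell function that reads a rule listing in iptables -S format and marks each kesl_bypass ACCEPT rule as BROAD (no address restriction) or SCOPED. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from Kaspersky): review kesl_bypass exclusions.
# Reads rules in `iptables -S` format on stdin and prints one line per
# ACCEPT rule:
#   BROAD:  rule has no source/destination address match, so it exempts
#           the matching traffic for any IP address
#   SCOPED: rule is limited by -s or -d
audit_bypass_rules() {
    while IFS= read -r rule; do
        # Only look at ACCEPT rules that belong to the kesl_bypass chain.
        case "$rule" in
            "-A kesl_bypass "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        # `iptables -S` prints address matches as -s / -d.
        case " $rule " in
            *" -s "*|*" -d "*) echo "SCOPED: $rule" ;;
            *)                 echo "BROAD: $rule" ;;
        esac
    done
}

# Constructed sample listing (hypothetical rules, documentation address).
# The first rule is what the command shown above looks like in -S output.
sample_rules() {
    cat <<'EOF'
-N kesl_bypass
-A kesl_bypass -p tcp -m tcp --dport 80 -j ACCEPT
-A kesl_bypass -d 192.0.2.10/32 -p tcp -m tcp --dport 8443 -j ACCEPT
EOF
}

# On a protected host, feed the live chains instead (requires root):
#   iptables  -t mangle -S kesl_bypass | audit_bypass_rules
#   ip6tables -t mangle -S kesl_bypass | audit_bypass_rules
sample_rules | audit_bypass_rules
```

A BROAD result is a prompt to check whether the rule can be narrowed to the trusted service's address with -d or -s.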

When the application is removed, the kesl_bypass rule chain is removed from iptables and ip6tables only if it is empty.
