Encrypted connections scan settings

All available values and default values for each setting are described in the table below.

When the encrypted connection scan settings are changed, the application records a NetworkSettingsChanged event in the log file.

Encrypted connections scan settings

Setting

Description

Values

EncryptedConnectionsScan

Enables or disables encrypted traffic scan.

For the FTP protocol, encrypted connections scan is disabled by default.

Yes (default value) — Enable encrypted connection scans.

No — Disable encrypted connection scans. The application does not decrypt the encrypted traffic.

EncryptedConnectionsScanErrorAction

Specifies the action to perform when an encrypted connection scan error occurs on a website.

AddToAutoExclusions (default value) — Add the domain where an error occurred to the list of domains with scan errors. The application will not monitor encrypted network traffic when this domain is visited.

Disconnect — Block the network connection.

CertificateVerificationPolicy

Specifies the way Kaspersky Industrial CyberSecurity for Linux Nodes checks certificates.

If a certificate is self-signed, the application does not perform the additional verification.

FullCheck (default value) — The application uses the Internet to check and download the missing chains that are required to verify a certificate.

LocalCheck — The application does not use the Internet to verify a certificate.

UntrustedCertificateAction

Specifies the action to perform when an encrypted connection scan error occurs on a website.

Allow (default value) — Allow network connections established while visiting a domain with an untrusted certificate.

Block — Block network connections established while visiting a domain with an untrusted certificate.

ManageExclusions

Enables or disables the use of the encrypted connection scan exclusions.

Yes — Do not scan websites specified in the [Exclusions.item_#] section.

No (default value) — Scan all websites.

MonitorNetworkPorts

Specifies the way Kaspersky Industrial CyberSecurity for Linux Nodes monitors network ports.

Selected (default value) — Monitor only network ports specified in the [NetworkPorts.item_#] section (see below).

All — Monitor all network ports. Specifying this value may significantly increase an operating system load.

The [Exclusions.item_#] section contains domains excluded from scans. The application does not scan encrypted connections established when visiting specified domains.

DomainName

Specifies the domain name. You can use masks to specify the domain.

The default value is not defined.

The [NetworkPorts.item_#] section contains the network ports monitored by the application.

PortName

Network port description.

The default value is not defined.

Port

Network port numbers to be monitored by the application.

165535

The default value is not defined.

Page top