Most web resources use encrypted connections, therefore Kaspersky experts recommend enabling encrypted connection scanning. If scanning encrypted connections causes excessive slowdowns, you can exclude individual domains from the encrypted connection scan, as well as disable decryption for domain categories. Kaspersky NGFW uses predefined web categories and actions for these categories. Security engines of Kaspersky NGFW do not scan HTTPS traffic from domains and domain categories in the list of exclusions.
Kaspersky NGFW also uses a list of default exclusions by domain, which Kaspersky NGFW does not scan regardless of the application settings. This list is compiled by Kaspersky experts and is regularly updated. You cannot edit this list.
If a domain is in the list of exclusions, the connection is not decrypted, even if it matches a decryption rule with the decrypt action. However, an event for the session is recorded in the SSL inspection log.
You can enable and configure the custom domain exclusion list, as well as configure the decryption of predefined domain categories.