Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For administrators: Getting started with the application web interface

Managing the Sensor component

Configuring integration with a proxy server via ICAP

Configuring real-time scanning of ICAP traffic

Kaspersky Anti Targeted Attack (KATA) Platform
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Forum Contact support Recovery tools

Configuring real-time scanning of ICAP traffic

April 2, 2024

ID 255486

Real-time ICAP traffic scanning on standalone servers with the Sensor component can only be configured in Technical Support Mode. To perform actions in Technical Support Mode, we recommend contacting Technical Support.

You can configure real-time ICAP traffic scanning on a server with the Central Node and Sensor components for anti-virus scanning of data. Scan results are displayed to the user of the host on a notification HTML page.

To configure real-time ICAP traffic scanning:

  1. In the window of the application web interface, select the Settings section, ICAP traffic scanning subsection.

    The ICAP traffic scanning settings page is displayed.

    By default, under Notifications, pages corresponding to the following events are loaded:

    • The page uploaded in the Link blocked field is displayed if a threat is detected at the address requested by the user.
    • The page uploaded in the File blocked field is displayed if a threat is detected in a scanned file.
    • The page uploaded in the Scan file field is displayed if a file scan is started. If the file is safe, the user can click a link to download the file.
    • The page uploaded in the File expired field is displayed if the file was scanned, but the storage duration for that file has expired.

    By default, HTML pages from the distribution kit are loaded in Kaspersky Anti Targeted Attack Platform. You can upload your own notification pages and configure how they must be displayed. The size of a notification page must not exceed 1.5 MB. If the uploaded notification page is larger than 1.5 MB, an error is displayed.

  2. Under File block threshold, in the Sandbox detections severity field, select a value from the drop-down list. These values correspond to the possible impact of the alert on the security of a computer or your corporate network based on the expert opinion of Kaspersky.

    This setting can take one of the following values:

    • HighApt_icon_importance_high for a high-importance alert. This option is selected by default.
    • MediumApt_icon_importance_medium for a medium-importance alert.
    • LowApt_icon_importance_low for a low-importance alert.
  3. Under Scan timeout, in the Timeout field, specify the time after which the link to the scanned file is unblocked and downloading the scanned file becomes possible.

    The default value is 10 minutes. You can set any value greater than 1 minute.

  4. Click Apply.

The scan is performed with the specified settings.

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.