Adding a rule to ICAP exclusions

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing ICAP exclusions

Adding a rule to ICAP exclusions

April 2, 2024

ID 262387

ICAP exclusion rules are processed if a rule for the data has not been previously added to the scan exclusion rules.

To add rule to ICAP exclusions:

In the main window of the application web interface, select the Settings section, Exclusions subsection.
Open the ICAP tab.
In the upper-right corner of the application web interface window, click Add.
This opens the New rule window.
Move the State toggle switch to the position you need.
By default, the toggle switch is in the Enabled position.
In the Criteria drop-down list, select one of the following criteria for adding a rule to the list of ICAP exclusions:
- Format.
- User Agent.
- MD5.
- URL mask.
- Source IP or subnet.
Depending on the selected criterion, in the Value field, specify the following information:
- If you selected Format, select the file format that you want to add from the drop-down list.
  When you add an ICAP exclusion rule by format, web page content of the corresponding format is loaded without scanning, and the display of web pages is not disrupted.
- If you selected User Agent, enter the User agent header of HTTP requests containing browser information.
- If you selected MD5, enter the MD5 hash of the file.
- If you selected URL mask, enter the URL mask.
  You can use the following special characters in the mask:
  
  * – any sequence of characters.
  
  Example:
  
  If you enter *abc* as the mask, the application does not scan any URL that contains the sequence abc. For example, www.example.com/download_virusabc
  
  ? – any single character.
  
  Example:
  
  If you enter example_123?.com as the mask, the application does not scan any URL that contains the given character sequence and any character following 3. For example, example_1234.com
  
  If the * or ? characters are part of the full URL that you want to add to the list of scan exclusions, use the \ character when entering the URL to escape a single *, ?, or \ character that follows it.
  
  Example:
  
  You need to add the following URL as a trusted address: www.example.com/download_virus/virus.dll?virus_name=
  
  You do not want the application to treat ? as a special mask character so you put a \ character before the ? character.
  
  The URL added to the list of scan exclusions looks as follows: www.example.com/download_virus/virus.dll\?virus_name=
  
  In the URL mask field, you can enter domain names containing Cyrillic characters. In this case, the address is converted to Punycode and processed in accordance with application settings.
- If you selected Source IP or subnet, enter an address or subnet (for example, 255.255.255.0).
Click Add.

The rule is added to the ICAP exclusion list.

Users with the Security auditor and Security officer roles cannot add an ICAP exclusion rule.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.