Impact of control and encrypted connection scan components in Kaspersky Endpoint Security for Windows on third-party software
Show applications and versions that this article concerns
- Kaspersky Endpoint Security 12.6 for Windows (version 12.6.0.438)
- Kaspersky Endpoint Security 12.5 for Windows (version 12.5.0.539)
- Kaspersky Endpoint Security 12.4 for Windows (version 12.4.0.467)
- Kaspersky Endpoint Security 12.3 for Windows (version 12.3.0.493)
- Kaspersky Endpoint Security 12.2 for Windows (version 12.2.0.462)
- Kaspersky Endpoint Security 12.1 for Windows (version 12.1.0.506)
- Kaspersky Endpoint Security 12 for Windows (version 12.0.0.465)
- Kaspersky Endpoint Security 11.11 for Windows (version 11.11.0.452)
- Kaspersky Endpoint Security 11.10 for Windows (version 11.10.0.399)
- Kaspersky Endpoint Security 11.9 for Windows (version 11.9.0.351)
- Kaspersky Endpoint Security 11.8 for Windows (version 11.8.0.384)
- Kaspersky Endpoint Security 11.7 for Windows (version 11.7.0.669)
Issue
Kaspersky Endpoint Security for Windows (KESW) may affect the network communication between third-party software with Kaspersky application servers and databases.
When working in browsers and applications that require enhanced security for TLS and SSL communication channels, you may encounter problems establishing secure connections.
Solution
Step 1. Check control components
If KESW Security Controls components are installed on your device, check if the software has appropriate permissions.
- Configure the firewall: check if there are allow rules for network access and what network type is specified in the rules.
- Add allow rules if there are missing.
- If the current network type does not match the one being used, change it to the correct type.
- Configure Device Control: disable Anti-Bridging in the component settings if the problematic software establishes VPN connections.
- Temporarily disable scanning of encrypted connections: go to the Encrypted connections scan block, select Do not scan encrypted connections and reboot the problematic software.
- Сheck whether the issue persists. If it does, follow these instructions.
If the issue resolved:- Enable the scanning of encrypted connections: go to the Encrypted connections scan block, select Scan encrypted connections upon request from protection components.
- Configure the encrypted traffic scan settings of the problematic software.
Step 2. Check the component of encrypted connections scanning
- Check the network parameters in Kaspersky Endpoint Security for Windows.
Administrators often set the following parameters instead of default ones to increase protection:Parameter Value Monitored ports Monitor all network ports Encrypted connections scan Always scan encrypted connections Visiting a domain with an untrusted certificate Block Visiting a domain with an encrypted connections scan error Block
If the parameters are different from the default ones, restore them or use a new policy with the default settings. - Apply the exclusions from the scan scope of encrypted traffic if required:
- If the application uses a small number of target IP addresses for connections, and if they are permanent, add the executable files of the problematic software to the list of trusted applications using this guide. When adding the application to trusted, select the check box Do not scan (encrypted) network traffic and specify target IP addresses.
- If the application uses many target IP addresses, or if they frequently change, exclude FQDNs or ranges of IP address from the encrypted connection scanning for all applications.
What to do if the issue persists
Use additional recommendations to troubleshoot common application problems.
If the issue persists, collect diagnostic data and submit a request to Kaspersky Technical Support via Kaspersky CompanyAccount. In your request, specify:
- How KESW removal affects the cause and symptoms of the problem.
- Which recommendations from this article you have used.
- Which component causes the problem (describe the diagnostics results).
Useful references
Messages "Certificate verification problem detected" and "Cannot guarantee authenticity of the domain to which encrypted connection is established" when trying to open a website
Scan.Generic.PortScan and DoS.Generic.Flood events in Kaspersky Endpoint Security for Windows
Issues with connecting Microsoft Outlook to Microsoft Exchange after installing Cumulative Update 14