Support

Support for business applications

Kaspersky Endpoint Security 11 for Windows

Appendices

Appendix 1. Application settings

Network settings

Kaspersky Endpoint Security 11 for Windows
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools Product videos

Network settings

April 25, 2024

ID 178483

Get as PDF

You can configure the proxy server used for connecting to the Internet and updating anti-virus databases, select the network port monitoring mode, and configure encrypted connections scan.

Network options

Parameter

Description

Limit traffic on metered connections

If this check box is selected, the application limits its own network traffic when the Internet connection is limited. Kaspersky Endpoint Security identifies a high-speed mobile Internet connection as a limited connection and identifies a Wi-Fi connection as an unlimited connection.

Cost-Aware Networking works on computers running Windows 8 or later.

Inject script into web traffic to interact with web pages

If the check box is selected, Kaspersky Endpoint Security injects a web page interaction script into web traffic. This script ensures that the Web Control component can work correctly. The script enables registration of Web Control events. Without this script, you cannot enable user Internet activity monitoring.

Kaspersky experts recommend injecting this web page interaction script into traffic to ensure correct operation of Web Control.

Proxy server

Settings of the proxy server used for Internet access of users of client computers. Kaspersky Endpoint Security uses these settings for certain protection components, including for updating databases and application modules.

For automatic configuration of a proxy server, Kaspersky Endpoint Security uses the WPAD protocol (Web Proxy Auto-Discovery Protocol). If the IP address of the proxy server cannot be determined by using this protocol, the application uses the proxy server address that is specified in the Microsoft Internet Explorer browser settings.

Bypass proxy server for local addresses

If the check box is selected, Kaspersky Endpoint Security does not use a proxy server when performing an update from a shared folder.

Monitored ports

Monitor all network ports. In this network port monitoring mode, the protection components (File Threat Protection, Web Threat Protection, Mail Threat Protection) monitor data streams that are transmitted via any open network ports of the computer.

Monitor selected network ports only. In this network port monitoring mode, the protection components monitor the selected ports of the computer and the network activity of the selected applications. The list of network ports that are normally used for transmission of email and network traffic is configured according to the recommendations of Kaspersky experts.

Monitor all ports for the applications from the list recommended by Kaspersky. This uses a predefined list of applications whose network ports are monitored by Kaspersky Endpoint Security. For example, this list includes Google Chrome, Adobe Reader, Java, and other applications.

Monitor all ports for specified applications. This uses a list of applications whose network ports are monitored by Kaspersky Endpoint Security.

Encrypted connections scan

Kaspersky Endpoint Security scans encrypted network traffic transmitted over the following protocols:

  • SSL 3.0.
  • TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3.

    Kaspersky Endpoint Security supports the following encrypted connection scanning modes:

  • Do not scan encrypted connections. Kaspersky Endpoint Security will not have access to the contents of websites whose addresses begin with https://.
  • Scan encrypted connections upon request from protection components. Kaspersky Endpoint Security will scan encrypted traffic only when requested by the Web Threat Protection, Mail Threat Protection, and Web Control components.
  • Always scan encrypted connections. Kaspersky Endpoint Security will scan encrypted network traffic even if protection components are disabled.

Kaspersky Endpoint Security does not scan encrypted connections that were established by trusted applications for which traffic scanning is disabled. Kaspersky Endpoint Security does not scan encrypted connections from the predefined list of trusted websites. The predefined list of trusted websites is created by Kaspersky experts. This list is updated with the application's anti-virus databases. You can view the predefined list of trusted websites only in the Kaspersky Endpoint Security interface. You cannot view the list in the Kaspersky Security Center Console.

Trusted root certificates

List of trusted root certificates. Kaspersky Endpoint Security lets you install trusted root certificates on user computers if, for example, you need to deploy a new certification center. The application lets you add a certificate to a special Kaspersky Endpoint Security certificate store. In this case, the certificate is considered trusted only for the Kaspersky Endpoint Security application. In other words, the user can gain access to a website with the new certificate in the browser. If another application tries to gain access to the website, you can get a connection error because of a certificate issue. To add to the system certificate store, you can use Active Directory group policies.

When visiting a domain with an untrusted certificate
  • Allow. When visiting a domain with an untrusted certificate, Kaspersky Endpoint Security allows the network connection.

    When opening a domain with an untrusted certificate in a browser, Kaspersky Endpoint Security displays an HTML page showing a warning and the reason why visiting that domain is not recommended. A user can click the link from the HTML warning page to obtain access to the requested web resource.

    If a third-party application or service establishes a connection with a domain with an untrusted certificate, Kaspersky Endpoint Security creates its own certificate to scan traffic. The new certificate has the Untrusted status. This is necessary to warn the third-party application about the untrusted connection because the HTML page cannot be shown in this case and the connection can be established in background mode.

  • Block connection. When visiting a domain with an untrusted certificate, Kaspersky Endpoint Security blocks the network connection. When opening a domain with an untrusted certificate in a browser, Kaspersky Endpoint Security displays an HTML page showing the reason why that domain is blocked.

When encrypted connections scan errors occur
  • Block connection. If this item is selected, when an encrypted connection scan error occurs, Kaspersky Endpoint Security blocks the network connection.
  • Add domain to exclusions. If this item is selected, when an encrypted connection scan error occurs, Kaspersky Endpoint Security adds the domain that resulted in the error to the list of domains with scan errors and does not monitor encrypted network traffic when this domain is visited. You can view a list of domains with encrypted connections scan errors only in the local interface of the application. To clear the list contents, you need to select Block connection. Kaspersky Endpoint Security also generates an event for the encrypted connection scan error.

Block SSL 2.0 connections (recommended)

If the check box is selected, the application blocks network connections established over the SSL 2.0 protocol.

If the check box is cleared, the application does not block network connections established over the SSL 2.0 protocol and does not monitor network traffic transmitted over these connections.

Decrypt encrypted connections with websites that use EV certificates

EV certificates (Extended Validation Certificates) confirm the authenticity of websites and enhance the security of the connection. Browsers use a lock icon in their address bar to indicate that a website has an EV certificate. Browsers may also fully or partially color the address bar in green.

If the check box is selected, the application decrypts and monitors encrypted connections with websites that use an EV certificate.

If the check box is cleared, the application does not have access to the contents of HTTPS traffic. For this reason, the application monitors HTTPS traffic only based on the website address, for example, https://bing.com.

If you are opening a website with an EV certificate for the first time, the encrypted connection will be decrypted regardless of whether or not the check box is selected.

Trusted addresses

This uses a list of web addresses for which Kaspersky Endpoint Security does not scan network connections. You can enter a domain name or an IP address. Kaspersky Endpoint Security supports the * character for entering a mask in the domain name.

Kaspersky Endpoint Security does not support the * symbol for IP addresses. You can select a range of IP addresses using a subnet mask (for example, 198.51.100.0/24).

Examples:

  • domain.com – the record is inclusive of the following addresses: https://domain.com, https://www.domain.com, https://domain.com/page123. The record is exclusive of subdomains (for example, subdomain.domain.com).
  • subdomain.domain.com – the record is inclusive of the following addresses: https://subdomain.domain.com, https://subdomain.domain.com/page123. The record is exclusive of the domain.com domain.
  • *.domain.com – the record is inclusive of the following addresses: https://movies.domain.com, https://images.domain.com/page123. The record is exclusive of the domain.com domain.

Trusted applications

List of applications whose activity is not monitored by Kaspersky Endpoint Security during its operation. You can select the types of application activity that Kaspersky Endpoint Security will not monitor (for example, do not scan network traffic). Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.

Use the selected certificate store to scan encrypted connections in Mozilla applications

(available only in the Kaspersky Endpoint Security interface)

If this check box is selected, the application scans encrypted traffic in the Mozilla Firefox browser and Thunderbird mail client. Access to some websites via the HTTPS protocol may be blocked.

To scan traffic in the Mozilla Firefox browser and the Thunderbird mail client, you must enable the Encrypted Connections Scan. If Encrypted Connections Scan is disabled, the application does not scan traffic in the Mozilla Firefox browser and Thunderbird mail client.

The application uses the Kaspersky root certificate to decrypt and analyze encrypted traffic. You can select the certificate store that will contain the Kaspersky root certificate.

  • Use Windows certificate store (recommended). The Kaspersky root certificate is added to this store during installation of Kaspersky Endpoint Security.
  • Use Mozilla certificate store. Mozilla Firefox and Thunderbird use their own certificate stores. If the Mozilla certificate store is selected, you need to manually add the Kaspersky root certificate to this store through the browser properties.

See also: Managing the application via the local interface

Monitoring user Internet activity

Using a proxy server for updates

Network ports monitoring

Creating a list of monitored network ports

Encrypted connections scan

Enabling encrypted connections scan

Creating the list of trusted web addresses

Editing the list of trusted applications

Scanning encrypted connections in Firefox and Thunderbird

Kaspersky Endpoint Security for Windows: Detection of advanced threats
Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.