Encrypted connections scan settings

Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Managing the application using the command line

Encrypted connections scan

Encrypted connections scan settings

December 12, 2023

ID 198037

All available values and default values for each setting are described in the table below.

When the encrypted connection scan settings are changed, the application records a NetworkSettingsChanged event in the log file.

Encrypted connections scan settings

Setting	Description	Values

`EncryptedConnectionsScan`	Enables or disables encrypted traffic scan. For the FTP protocol, encrypted connections scan is disabled by default.	`Yes` (default value) — Enable encrypted connection scans. `No` — Disable encrypted connection scans. The application does not decrypt the encrypted traffic.
`EncryptedConnectionsScanErrorAction`	Specifies the action to perform when an encrypted connection scan error occurs on a website.	`AddToAutoExclusions` (default value) — Add the domain where an error occurred to the list of domains with scan errors. The application will not monitor encrypted network traffic when this domain is visited. `Disconnect` — Block the network connection.
`CertificateVerificationPolicy`	Specifies the way Kaspersky Endpoint Security checks certificates. If a certificate is self-signed, the application does not perform the additional verification.	`FullCheck` (default value) — The application uses the Internet to check and download the missing chains that are required to verify a certificate. `LocalCheck` — The application does not use the Internet to verify a certificate.
`UntrustedCertificateAction`	Specifies the action to perform when an encrypted connection scan error occurs on a website.	`Allow` (default value) — Allow network connections established while visiting a domain with an untrusted certificate. `Block` — Block network connections established while visiting a domain with an untrusted certificate.
`ManageExclusions`	Enables or disables the use of the encrypted connection scan exclusions.	`Yes` — Do not scan websites specified in the `[Exclusions.item_#]` section. `No` (default value) — Scan all websites.
`MonitorNetworkPorts`	Specifies the way Kaspersky Endpoint Security monitors network ports.	`Selected` (default value) — Monitor only network ports specified in the `[NetworkPorts.item_#]` section (see below). `All` — Monitor all network ports. Specifying this value may significantly increase an operating system load.
The [Exclusions.item_#] section contains domains excluded from scans. The application does not scan encrypted connections established when visiting specified domains.
`DomainName`	Specifies the domain name. You can use masks to specify the domain.	The default value is not defined.
The [NetworkPorts.item_#] section contains the network ports monitored by the application.
`PortName`	Network port description.	The default value is not defined.
`Port`	Network port numbers to be monitored by the application.	`1` – `65535` The default value is not defined.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.