Network traffic scanning settings are used by Web Threat Protection, Network Threat Protection, and Web Control. The Web Threat Protection and Web Control components can decrypt and inspect network traffic sent over secure connections. The encrypted connections scan is enabled by default.
You can manage the following network traffic scan settings:
Enable or disable encrypted connections scanning.
Select the action to be performed by the application upon detection of an untrusted certificate.
Select the action to be performed when an encrypted connections scan error occurs on a website.
Enable or disable the use of the Internet for certificate verification.
View and configure a list of trusted domains. The application will not scan encrypted connections established when visiting specified domains.
Configure a list of root certificates that the application will consider trusted when performing an encrypted connections scan.
Configure traffic interception exclusions You can specify connections to be excluded from traffic interception. An excluded connection is defined by the following parameters:
Traffic direction, inbound or outbound.
Remote IP address, the IP address to which the traffic excluded from interception is going to or coming from (depending on the direction of traffic).
Destination port, a port on a protected device (in an inbound traffic interception exclusion) or a port on a remote device (in an outbound traffic interception exclusion).
You can also configure traffic interception exclusions for Kaspersky Endpoint Security using operating system tools.
Configure a list of network ports to be monitored by the application. You can specify the network ports or network port ranges to be monitored.
If you want to intercept network connections to the NFS server, you need to make sure that the NFS server is started with the insecure option (so that it accepts connections from ports outside the 1–1024 range), otherwise the NFS server may reject such connections.
When the network traffic scan settings are changed, the application records a NetworkSettingsChanged event in the log file.