Excluding web resources from secure connections scan

Kaspersky Security does not decrypt traffic or check security certificates for web resources of trusted domains. You can generate a list of trusted domains through Kaspersky Security Center or in the local interface of Light Agent for Windows.

To create the list of trusted domains using Kaspersky Security Center:

1. Open Kaspersky Security Center Administration Console.
2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
3. In the workspace, select the Policies tab.
4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
5. In the policy properties window, select the Network traffic monitoring section in the list on the left.
6. In the right part of the window, in the Secure connections scan section, click the Trusted domains button.
7. In the Trusted domains window that opens, configure the list of trusted domains:
   • To add a domain to the list of trusted domains:
     1. Click the Add button.
     2. In the Domain window that opens, enter the name, IP address, IP range (for example 198.51.100.0/24), or the web address of the domain.

        The scan exclusion is not applied to web resources of subdomains of the specified domain. If you want to exclude web resources of subdomains from secure connections scan, enter the domain mask in the format *.example.com.

     3. In the Domain window, click OK.
   • To change the name or address of a trusted domain:
     1. Select the domain in the list and click Edit.
     2. In the Domain window that opens, enter the new domain name, IP address, IP range (for example 198.51.100.0/24), web address or domain mask in the *.example.com format and click OK.
   • To remove a domain from the list of trusted domains, select it in the list and click Delete.
   • If you want to temporarily cancel scan exclusion for web resources of a domain without removing the domain from the list of trusted domains, clear the check box next to the domain in the list. By default, all web resources of domains added to the list are excluded from secure connections scan.
8. In the Trusted domains window, click OK.
9. Click the Apply button.

To create the list of trusted domains in the local interface:

1. On the protected virtual machine, open the application settings window.
2. In the left part of the window, in the Other settings section, select Network traffic monitoring.

   In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.

   If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

3. Complete steps 6–8 of the previous instructions.
4. To save changes, click the Save button.