Traffic Security

• This component is available only on the servers running on Microsoft Windows Server 2008 R2 operating system and higher.
• Traffic cannot be verified when web connections are made using a cryptographic token.
• We do not recommend including VPN traffic in the protection scope (port 1723).
• IPv6 addresses are not supported.
• The application considers self-signed certificates as invalid and blocks such connections if the Do not trust web-servers with invalid certificate check box is selected in the task settings.
• The application processes only TCP packets.
• Mail threat protection does not scan outgoing mail traffic.
• We recommend that you install the Network Agent component of Kaspersky Security Center before starting the Traffic Security task. If Traffic Security component was installed and the task started before installation of the Network Agent, then restart the Traffic Security task. For more information on Kaspersky Security Center Network Agent component please refer to the Kaspersky Security Center Online Help.
• Traffic Security does not work with Yandex.Disk or Dropbox.
• VPN limitations: there might be issues when working via Microsoft VPN connection protocols.
• If the installation is performed via Kaspersky Security Center in Driver Interceptor mode, Traffic Security blocks the connection from Microsoft Management Console (hereinafter referred to as MMC) to the Kaspersky Security Center Administration Server, because this connection uses an untrusted certificate.
• If you run Traffic Security task in Driver Interceptor mode with the Intercept all option enabled, make sure to configure the Kaspersky Security Center Administration Server to use the default port (13299) for connection with the Kaspersky Security Center Web Console (for more information, refer to Kaspersky Security Center Online Help), or, if you use a custom port, make sure to add this port to the Traffic Security task's list of excluded ports. Otherwise, Traffic Security blocks the connection from the Kaspersky Security Center Web Console to the Kaspersky Security Center Administration Server.
• The component blocks connections to websites that use old technologies to generate root certificates, for example, sha1 certificates.
• The Do not scan objects larger than (MB) value cannot exceed 100MB. If a large value is specified and the Internet connection is slow, there might be difficulties when receiving large files. The recommended value is 20 MB.
• The application recognizes HTTPS connections as dangerous and blocks them if the following conditions are satisfied:
  • The task is running in Driver Interceptor mode.
  • Traffic is redirected from external devices.
  • The devices from which traffic is redirected are protected by Kaspersky Security for Windows Server and the preset Traffic Security task has been run at least once.

We do not recommend using Redirector mode to check traffic redirected from external devices: besides the aforementioned false positives, such a configuration may cause high server load and reduce application performance.