Updating from an HTTPS server

This functionality is available starting with Kaspersky Scan Engine 2.0.

You can configure your environment for getting updates from an HTTPS server.

To configure updating from an HTTPS server:

1. Create an HTTPS server as a mirror for storing the anti-virus database files.
2. On the HTTPS server, configure Updater SDK (or the keep-up-to-date tool) to perform updating and distribution of the anti-virus database files.

   You must use Updater SDK or the keep-up-to-date tool on the HTTPS server. It is not possible to create or configure the mirror server by using Kaspersky Scan Engine. You can get the Updater SDK from the person at Kaspersky who provided you with the Kaspersky Scan Engine distribution kit.

3. On the computers that will use the HTTPS server, configure Kaspersky Scan Engine to download updates from the HTTPS server.

   For the kavhttpd or kavicapd service, do the following:

   • In the UpdateSettings > UpdatesCertFile element of the kavhttpd or kavicapd configuration file, specify the local path to the root certificate of the key with which the TLS certificate of your HTTPS server is signed.

     You can leave the value of this element empty.

   • In the UpdateSettings > UpdateSources element of the kavhttpd or kavicapd configuration file, specify the address of the HTTPS server.
   • In the UpdateSettings > UseOnlyCustomSources element of the kavhttpd or kavicapd configuration file, specify 1.
   • In the UpdateSettings > CertificateConfirmationAction element of the kavhttpd or kavicapd configuration file, specify the value according to the desired action to undertake if the update server uses an untrusted certificate.
4. Restart Kaspersky Scan Engine.