Contents
Configuring encrypted connections scan in the Administration Console
In the Administration Console, you can configure settings for encrypted connections scans in the policy properties (General settings → Network settings).
Encrypted connections scan settings
Setting |
Description |
|---|---|
Enable encrypted connections scan |
This check box enables or disables the encrypted connections scan. The check box is selected by default. |
Visiting a domain with an untrusted certificate |
In the drop-down list, you can select the action that the application performs when a domain with an untrusted certificate is visited:
|
Visiting a domain with an encrypted connections scan error |
In the drop-down list, you can select the action that the application performs when a domain with an encrypted connections scan error is visited:
|
Certificate verification policy |
In the drop-down list, you can select how the application verifies certificates:
|
Trusted domains |
This group of settings contains the Configure button, which opens the Trusted domains window, where you can configure the list of trusted domain names. |
Trusted root certificates |
This group of settings contains the Configure button, which opens the Trusted root certificates window, where you can configure the list of trusted root certificates. The list is used when scanning encrypted connections. |
Network ports settings |
This group of settings contains the Configure button. Clicking this button opens the Monitored ports window. |
Trusted domains window
This list contains the domain names and domain name masks that will be excluded from encrypted connection scans.
Example: *example.com. For example, *example.com/* is incorrect because a domain address, not a web page, needs to be specified.
By default, the list is empty.
You can add, edit and remove domains from the list of trusted domains.
Page topTrusted certificates window
You can configure a list of root certificates considered trusted by Kaspersky Embedded Systems Security. The list of trusted root certificates is used when scanning encrypted connections.
The following information is displayed for each certificate:
- certificate subject
- certificate serial number
- certificate issuer
- certificate start date
- certificate expiration date
- SHA256 certificate fingerprint
By default, the certificate list is empty.
You can add and remove certificates.
Page topAdding certificate window
In this window, you can add a certificate to the trusted certificate list in one of the following ways:
- Indicate the path to the certificate file. The Browse button opens the standard file selection window. Indicate the path to the file that contains the certificate, in DER or PEM format.
- Copy the contents of the certificate file to the Enter certificate details field.
Monitored ports
Network ports settings
Setting |
Description |
|---|---|
Monitor all network ports |
If this option is selected, the application monitors all network ports. |
Monitor selected network ports only |
If this option is selected, the application monitors only the network ports specified in the table. This option is selected by default. |
Network ports settings |
This table contains network ports monitored by the application if the Monitor selected network ports only option is selected. The table contains two columns:
By default, the table displays a list of network ports that are usually used for the transmission of mail and network traffic. The list of network ports is included in the application package. |