Enabling or disabling real-time scanning of ICAP traffic

If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.

You can enable or disable real-time scanning of ICAP traffic if integration with a proxy server via ICAP is enabled.

If real-time scanning of ICAP traffic is enabled, Kaspersky Anti Targeted Attack Platform sends information about scanned objects to the ICAP client in real time. This helps prevent downloading malicious objects and clicking untrusted links.

To enable or disable real-time scanning of ICAP traffic on a server with the Central Node and Sensor components installed:

  1. Select the Sensor servers section in the window of the application web interface.
  2. Click the card of the relevant Sensor component.

    This opens a window with information about the component.

  3. Click Edit.
  4. Go to the ICAP integration with proxy server tab.
  5. Under Real-time scanning, select one of the following options:
    • Disabled

      If you select this option, real-time scanning of ICAP traffic is disabled. This option is selected by default.

    • Enabled, standard ICAP traffic scanning.

      When this type of scan is enabled, the reputation of files and URLs is checked against the knowledge base of Kaspersky Security Network, and files are scanned by the Sandbox component and Anti-Malware Engine and YARA modules. The files remain available while they are being scanned by the Sandbox component.

    • Enabled, advanced ICAP traffic scanning.

      When this type of scan is enabled, the reputation of files and URLs is checked against the knowledge base of Kaspersky Security Network, and files are scanned by the Sandbox component and Anti-Malware Engine and YARA modules. The files are unavailable while they are being scanned by the Sandbox component.

  6. Under Extract user name:

    If you want to get the user name from the ICAP server, set the Extract user name toggle switch field to Enabled. If you need to use Base64 decoding, select the Use Base64 decoding check box.

  7. Click Save.

Real-time scanning of ICAP traffic is enabled or disabled.

To enable or disable real-time scanning of ICAP traffic on an individual server with the Sensor component installed:

  1. Enter the management console of the Sensor server via the SSH protocol or through a terminal.
  2. When the system prompts you, enter the administrator user name and the password that was set during the installation of the application.

    This opens the settings menu for the Sensor component. If the menu does not open, enter the kata-admin-menu command and press ENTER.

  3. Go to the Program settings → Configure ICAP integration section.

    To select a row, you can use the ↑, ↓, and ENTER keys. The selected row is highlighted in red.

  4. This opens a window; in that window, make sure that [x] is displayed to the right of the Enabled setting.
  5. Select one of the following options:
    • Disable real-time scanning.

      If you select this option, real-time scanning of ICAP traffic is disabled. This option is selected by default.

    • Standard ICAP scanning.

      When this type of scan is enabled, the reputation of files and URLs is checked against the knowledge base of Kaspersky Security Network, and files are scanned by the Anti-Malware Engine and YARA modules.

    • Advanced ICAP scanning.

      When this type of scan is enabled, the reputation of files and URLs is checked against the knowledge base of Kaspersky Security Network, and files are scanned by the Sandbox component and Anti-Malware Engine and YARA modules.

  6. Select an option and press ENTER. (O) is displayed to the right of the selected option.

    To select a row, you can use the ↑ and ↓ keys. The selected row is highlighted in red.

  7. If you enabled real-time scanning of ICAP traffic and enabled the advanced scanning mode or the standard scanning mode, specify the URL from the REQMOD field in the settings of your proxy server.

Real-time scanning of ICAP traffic on an individual server with the Sensor component is enabled or disabled.

If you enabled real-time scanning of ICAP traffic, scanning does not work if integration with the proxy server is disabled. All ICAP traffic scanning settings are saved. When you re-enable integration with the proxy server, ICAP traffic scanning is also enabled.

Page top