If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.
You can enable or disable real-time scanning of ICAP traffic if integration with a proxy server via ICAP is enabled.
If real-time scanning of ICAP traffic is enabled, Kaspersky Anti Targeted Attack Platform sends information about scanned objects to the ICAP client in real time. This helps prevent downloading malicious objects and clicking untrusted links.
To enable or disable real-time scanning of ICAP traffic on a server with the Central Node and Sensor components installed:
This opens a window with information about the component.
If you select this option, real-time scanning of ICAP traffic is disabled. This option is selected by default.
When this type of scan is enabled, the reputation of files and URLs is checked against the knowledge base of Kaspersky Security Network, and files are scanned by the Sandbox component and Anti-Malware Engine and YARA modules. The files remain available while they are being scanned by the Sandbox component.
When this type of scan is enabled, the reputation of files and URLs is checked against the knowledge base of Kaspersky Security Network, and files are scanned by the Sandbox component and Anti-Malware Engine and YARA modules. The files are unavailable while they are being scanned by the Sandbox component.
If you want to get the user name from the ICAP server, set the Extract user name toggle switch field to Enabled. If you need to use Base64 decoding, select the Use Base64 decoding check box.
Real-time scanning of ICAP traffic is enabled or disabled.
To enable or disable real-time scanning of ICAP traffic on an individual server with the Sensor component installed:
This opens the settings menu for the Sensor component. If the menu does not open, enter the kata-admin-menu
command and press
ENTER.
To select a row, you can use the ↑, ↓, and ENTER keys. The selected row is highlighted in red.
If you select this option, real-time scanning of ICAP traffic is disabled. This option is selected by default.
When this type of scan is enabled, the reputation of files and URLs is checked against the knowledge base of Kaspersky Security Network, and files are scanned by the Anti-Malware Engine and YARA modules.
When this type of scan is enabled, the reputation of files and URLs is checked against the knowledge base of Kaspersky Security Network, and files are scanned by the Sandbox component and Anti-Malware Engine and YARA modules.
To select a row, you can use the ↑ and ↓ keys. The selected row is highlighted in red.
Real-time scanning of ICAP traffic on an individual server with the Sensor component is enabled or disabled.
If you enabled real-time scanning of ICAP traffic, scanning does not work if integration with the proxy server is disabled. All ICAP traffic scanning settings are saved. When you re-enable integration with the proxy server, ICAP traffic scanning is also enabled.
Page top