Contents
- Managing ICAP exclusions
- Viewing the ICAP exclusion table
- Adding a rule to ICAP exclusions
- Removing rules from ICAP exclusions
- Editing or disabling a rule in the ICAP exclusion list
- Filtering rules in the ICAP exclusion list by criterion
- Filtering rules in the ICAP exclusion list by value
- Filtering rules in the ICAP exclusion list by state
- Clearing rule filter conditions in the ICAP exclusion list
Managing ICAP exclusions
Users with the Senior security officer can create an ICAP exclusion list, that is, a list of data that Kaspersky Anti Targeted Attack Platform must not scan. You can create ICAP exclusion rules for the following data:
- Format.
- User Agent.
- MD5.
- URL mask.
- Source IP or subnet.
Users with the Security auditor and Security officer roles can view the list of ICAP exclusion rules.
In distributed solution mode, ICAP exclusions created on an SCN apply to all Sensor components connected to that SCN. ICAP exclusions created on a PCN apply to the SCN installed on the same device as the PCN and to all Sensor components connected to that SCN.
Viewing the ICAP exclusion table
To view the ICAP exclusion table:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
The table of data that Kaspersky Anti Targeted Attack Platform must not scan is displayed. You can filter the rules by clicking links in column headers.
The table columns contain the following information:
- Value—Value of the criterion.
- Criterion—Criterion for adding an entry to the list of allowed objects.
- State is the state of the rule.
Adding a rule to ICAP exclusions
ICAP exclusion rules are processed if a rule for the data has not been previously added to the scan exclusion rules.
To add rule to ICAP exclusions:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
- In the upper-right corner of the application web interface window, click Add.
This opens the New rule window.
- Move the State toggle switch to the position you need.
By default, the toggle switch is in the Enabled position.
- In the Criterion drop-down list, select one of the following criteria for adding a rule to the list of ICAP exclusions:
- Format.
- User Agent.
- MD5.
- URL mask.
- Source IP or subnet.
- Depending on the selected criterion, in the Value field, specify the following information:
- If you selected Format, select the file format that you want to add from the drop-down list.
When you add an ICAP exclusion rule by format, web page content of the corresponding format is loaded without scanning, and the display of web pages is not disrupted.
- If you selected User Agent, enter the
User agent header of HTTP requests
containing browser information. - If you selected MD5, enter the MD5 hash of the file.
- If you selected URL mask, enter the URL mask.
You can use the following special characters in the mask:
* – any sequence of characters.
? – any single character.
If the
*
or?
characters are part of the full URL that you want to add to the list of scan exclusions, use the\
character when entering the URL to escape a single*
,?
, or \ character that follows it.In the URL mask field, you can enter domain names containing Cyrillic characters. In this case, the address is converted to Punycode and processed in accordance with application settings.
- If you selected Source IP or subnet, enter an address or subnet (for example, 255.255.255.0).
- If you selected Format, select the file format that you want to add from the drop-down list.
- Click Add.
The rule is added to the ICAP exclusion list.
Users with the Security auditor and Security officer roles cannot add an ICAP exclusion rule.
Page topRemoving rules from ICAP exclusions
To remove one or more rules from ICAP exclusions:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
- Select the check box to the left of each rule that you want to remove from the list of ICAP exclusions.
If you want to delete all rules, select the check box above the list.
- In the lower part of the window, click Delete.
- This opens a window; in that window, click Yes to confirm the deletion of rules.
The selected rules are removed from the list of ICAP exclusions. Data that was previously listed in the ICAP exclusion rules are now scanned by Kaspersky Anti Targeted Attack Platform.
Users with the Security auditor and Security officer roles cannot remove entries from the list of ICAP exclusions.
Editing or disabling a rule in the ICAP exclusion list
To edit a rule in the ICAP exclusion list:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
- Select the rule that you want to modify.
This opens the Edit rule window.
- Make the necessary changes to the State, Criterion, and Value fields.
- Click Save.
The rule is modified.
To disable a rule in the ICAP exclusion list:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
- To the right of the rule that you want to disable in the ICAP exclusion list, in the State column, move the toggle switch to the Disabled position.
- This opens a window; in that window, click Yes to confirm the disabling of the rule.
The rule is disabled.
Users with the Security auditor and Security officer roles cannot edit or disable rules in the list of ICAP exclusions.
Filtering rules in the ICAP exclusion list by criterion
To filter rules in the ICAP exclusion list by criterion:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
- Click the Criterion link to open the filter configuration window.
- Select one or more check boxes next to criteria by which you want to filter the rules:
- Format.
- User Agent.
- MD5.
- URL mask.
- Source IP or subnet.
- Click Apply.
The filter configuration window closes.
The list of ICAP exclusions displays only rules that match the specified filtering conditions. You can filter by the Value and State columns at the same time.
Page topFiltering rules in the ICAP exclusion list by value
To filter rules in the ICAP exclusion list by value:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
- Click the Value link to open the filter configuration window.
- Enter a value.
- Click Apply.
The list of ICAP exclusions displays only rules that match the specified search conditions. You can filter by the Criterion and State columns at the same time.
Filtering rules in the ICAP exclusion list by state
To filter rules in the ICAP exclusion list by state:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
- Click the State link to open the filter configuration window.
- Select the check box next to one of the values:
- Enabled
- Disabled
- Click Apply.
The list of ICAP exclusions displays only rules that match the specified search conditions. You can filter by the Criterion and Value columns at the same time.
Page topClearing rule filter conditions in the ICAP exclusion list
To clear the filter conditions for rules in the ICAP exclusion list:
- In the main window of the application web interface, select the Settings section, Exclusions subsection.
- Open the ICAP tab.
- Click
to the right of the header of the Value, Criterion, or State column in the table for which you want to reset the filter conditions.
If you want to clear several filter conditions, perform the necessary actions to clear each filter condition.
The selected filter conditions are cleared. The list of ICAP exclusions displays only rules that match the specified conditions.
Page top