Encrypted connections scan
You can configure settings for scanning the encrypted connections used in the Web Threat Protection task.
You can also configure the list of trusted certificates, which is used when scanning encrypted connections.
Encrypted connections scan settings
All available values and default values for each setting are described in the table below.
When the encrypted connection scan settings are changed, the application records a NetworkSettingsChanged event in the log file.
Encrypted connections scan settings
Setting | Description | Values |
---|---|---|
| Enables or disables encrypted traffic scan. For the FTP protocol, encrypted connections scan is disabled by default. | |
| Specifies the action to perform when an encrypted connection scan error occurs on a website. | |
| Specifies the way Kaspersky Embedded Systems Security checks certificates. If a certificate is self-signed, the application does not perform the additional verification. | |
| Specifies the action to perform when an encrypted connection scan error occurs on a website. | |
| Enables or disables the use of the encrypted connection scan exclusions. | |
| Specifies the way Kaspersky Embedded Systems Security monitors network ports. | |
The [Exclusions.item_#] section contains domains excluded from scans. The application does not scan encrypted connections established when visiting specified domains. | | |
| Specifies the domain name. You can use masks to specify the domain. | The default value is not defined. |
The [NetworkPorts.item_#] section contains the network ports monitored by the application. | | |
| Network port description. | The default value is not defined. |
| Network port numbers to be monitored by the application. | The default value is not defined. |
Managing encrypted connections scan settings
You can manage encrypted connections scan settings from the command line.
To view the list of encrypted connection scan exclusions added by a user, execute the following command:
kess-control -N --query user
To view the list of encrypted connection scan exclusions that the application added automatically, execute the following command:
kess-control -N --query auto
To view the list of encrypted connection scan exclusions received from the application databases, execute the following command:
kess-control -N --query kl
To clear a list of domains that the application automatically excluded from scan, execute the following command:
kess-control -N --clear-web-auto-excluded
To view encrypted connection scan settings, execute the following command:
kess-control [-N] --get-net-settings [--file <file path and name>]
The output format is INI.
To set encrypted connection scan settings, execute the following command:
kess-control [-N] --set-net-settings [--file <file path and name>]
Managing trusted certificates
You can set the list of certificates that will be trusted by the application. The list of trusted certificates is used when scanning encrypted connections.
You can manage the trusted certificate list from the command line.
To add a certificate to the trusted certificate list, run the following command:
kess-control [-N] --add-certificate <path to certificate>
where <path to certificate> is the path to the certificate file that you want to add (PEM or DER format).
To remove a certificate from the trusted certificate list, run the following command:
kess-control [-N] --remove-certificate <certificate subject>
To view the list of trusted certificates, execute the following command:
kess-control [-N] --list-certificates
The following information is displayed for each certificate:
- certificate subject
- serial number
- certificate issuer
- certificate start date
- certificate expiration date
- SHA-256 certificate thumbprint
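
A trusted certificate is exempt from the checks applied to other certificates during encrypted connection scans, so it is worth confirming what a file contains before adding it. The following is an added example, not part of the product documentation: it uses `openssl` to print the same fields that the certificate list shows and compares the SHA-256 thumbprint with a value obtained out of band. The function names and the sample certificate are constructed for illustration, and it assumes the thumbprint is the standard SHA-256 hash of the certificate's DER encoding.

```shell
#!/bin/sh
# Added example; function names and the sample certificate are constructed.

# PEM files carry an ASCII armor line; anything else is treated as DER.
cert_inform() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM; else echo DER; fi
}

# SHA-256 of the DER encoding as 64 lowercase hex digits (same for PEM and DER input).
cert_thumbprint() {
    openssl x509 -in "$1" -inform "$(cert_inform "$1")" -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Subject, serial, issuer, validity dates and thumbprint, for review before trusting.
cert_summary() {
    openssl x509 -in "$1" -inform "$(cert_inform "$1")" -noout \
        -subject -serial -issuer -startdate -enddate
    echo "sha256=$(cert_thumbprint "$1")"
}

# Exit 0 only if the certificate has not yet expired.
cert_not_expired() {
    openssl x509 -in "$1" -inform "$(cert_inform "$1")" -noout -checkend 0 >/dev/null
}

# Exit 0 only if the file's thumbprint equals one obtained out of band
# (colons, spaces and letter case in the expected value are ignored).
cert_matches() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ "$(cert_thumbprint "$1")" = "$want" ]
}

# Constructed sample: a throwaway self-signed certificate in both formats.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=proxy-ca.example.test' \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
        openssl x509 -in "$1/ca.pem" -outform DER -out "$1/ca.der"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
make_sample_cert "$tmp"
cert_summary "$tmp/ca.der"
pinned=$(cert_thumbprint "$tmp/ca.pem")   # stands in for the out-of-band value
if cert_matches "$tmp/ca.der" "$pinned" && cert_not_expired "$tmp/ca.der"; then
    echo "OK to add: kess-control --add-certificate $tmp/ca.der"
fi
```

Keep the printed subject with your change record, since removing a certificate from the trusted list is done by certificate subject.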