How to configure the Encrypted connections scan

The settings for the encrypted connections scan are used by the Web Threat Protection component. The Web Threat Protection component can decrypt and inspect network traffic sent over secure connections.

The encrypted connections scan is enabled by default. You can disable or enable the encrypted connections scan at any time.

By modifying the encrypted connections scan settings, you can:

Select the action to be performed by the application upon detection of an untrusted certificate.
Select the action to be performed when an encrypted connections scan error occurs on a website.
Enable or disable the use of the Internet for certificate verification.
View and configure a list of trusted domains.
The application will not scan encrypted connections established when visiting listed domains.
Configure a list of certificates that the application will consider trusted when performing an encrypted connections scan.
Configure a list of network ports to be monitored by the application.
You can specify the network ports or network port ranges to be monitored.

When the encrypted connections scan settings are changed, the application records a NetworkSettingsChanged event in the log file.

Special administration commands are provided in the command line for administering the settings for the encrypted connections scan. Using the commands for managing the settings for the encrypted connections scan, you can:

Configure settings for the encrypted connections scan.
View exclusions from the encrypted connections scan.
Clear the list of domains that the application automatically excluded from the scan.
Manage the list of certificates that the application considers to be trusted.

If the encrypted connections scan is enabled, you cannot see the information about the real security certificate of the server you are connecting to.

If you try to connect to a server that does not support the encrypted connections scan, the application will not be able to scan the encrypted connection with that server.

The application does not scan encrypted connections in the following cases:

The server you are connecting to uses protocols that the application does not support.
The server you are connecting to does not support the encrypted connection scan.
The domain of the server you are connecting to is in your list of exclusions.
None of the protection components of the Kaspersky application have requested traffic decryption.
The connection is made using the legacy SSL 2.0 protocol.

In this Help section

How to view and edit Encrypted connections scan settings

How to view exclusions from the encrypted connections scan

How to manage the list of trusted certificates

Article ID: 287142, Last review: Apr 9, 2025

Page top