Contents
Configuring encrypted connections scan in the Web Console
In the Web Console, you can configure settings for encrypted connections scans in the policy properties (Application settings → General settings → Network settings).
Encrypted connections scan settings
Setting |
Description |
|---|---|
Encrypted connections scan is enabled / disabled |
This toggle switch enables or disables the encrypted connections scan. The check toggle button is switched on by default. |
Trusted root certificates |
Clicking Manage trusted root certificates opens the Trusted root certificates window, in which you can configure the list of trusted certificates. The list is used when scanning encrypted connections. |
Visiting a domain with an untrusted certificate |
You can select the action that the application performs when a domain with an untrusted certificate is visited:
|
Visiting a domain with an encrypted connections scan error |
You can select the action that the application performs when a domain with an encrypted connections scan error is visited:
|
Certificate verification policy |
You can select how the application verifies certificates:
|
Trusted domains |
Clicking Configure trusted domains opens the Trusted domains window, in which you can configure the list of trusted domain names. |
Monitor all network ports |
If this option is selected, the application monitors all network ports. |
Monitor selected network ports only |
If this option is selected, the application monitors only the network ports specified in the Monitored ports window. This option is selected by default. |
Monitored ports |
Clicking the Configure network port settings link opens the Monitored ports window, where you can specify the network ports to be monitored by the application. |
Trusted certificates window
You can configure a list of root certificates considered trusted by Kaspersky Embedded Systems Security. The list of trusted root certificates is used when scanning encrypted connections.
The following information is displayed for each certificate:
- certificate subject
- certificate serial number
- certificate issuer
- certificate start date
- certificate expiration date
- SHA256 certificate fingerprint
By default, the certificate list is empty.
You can add and remove certificates.
Adding a trusted certificate window
In this window, you can add a certificate to the list of trusted certificates.
The Add certificate link opens the standard file selection window. Indicate the path to the file that contains the certificate, in DER or PEM format.
After the certificate file is selected, the window displays certificate information and the file path.
Page topTrusted domains window
This list contains the domain names and domain name masks that will be excluded from encrypted connection scans.
Example: *example.com. For example, *example.com/* is incorrect because a domain address, not a web page, needs to be specified.
By default, the list is empty.
You can add, edit and remove domains from the list of trusted domains.
Page topMonitored ports
The table contains network ports that the application must monitor if in the Network settings window, under Monitored port, the Monitor selected network ports only option is selected.
The table contains two columns:
- Port – monitored port.
- Description – description of the monitored port.
By default, the table displays a list of network ports that are usually used for the transmission of mail and network traffic. The list of network ports is included in the application package.
You can add, edit, and delete items in the table.
Page top