Kaspersky Endpoint Security 12 for Windows

Excluding encrypted connections from scanning

8 July 2024

ID 175151

Most web resources use encrypted connections. Kaspersky experts recommend that you enable Encrypted connections scan. If encrypted connections scan interferes with work-related activity, you can add a website to exclusions referred to as trusted addresses. In this case, Kaspersky Endpoint Security does not scan HTTPS traffic of trusted web addresses when Web Threat Protection, Mail Threat Protection, Web Control components are doing their work.

If a trusted application uses an encrypted connection, you can disable encrypted connections scan for this application. For example, you can disable encrypted connections scan for cloud storage applications that use two-factor authentication with their own certificate.

How to exclude a web address from encrypted connection scans in the Administration Console (MMC)

How to exclude a web address from encrypted connection scans in Web Console and Cloud Console

How to exclude a web address from encrypted connection scans in the application interface

By default, Kaspersky Endpoint Security does not scan encrypted connections when errors occur and adds the website to a special list of Domains with scan errors. Kaspersky Endpoint Security compiles a separate list for each user and does not send data to Kaspersky Security Center. You can enable blocking the connection when a scan error occurs. You can view a list of domains with encrypted connections scan errors only in the local interface of the application.

To view the list of domains with scan errors:

  1. In the main application window, click the Application settings icon in the form of a gear wheel. button.
  2. In the application settings window, select General settingsNetwork settings.
  3. In the Encrypted connections scan block, click the Domains with scan errors button.

A list of domains with scan errors opens. To reset the list, enable blocking connection when scan errors occur in the policy, apply the policy, then reset the parameter to its initial value and apply the policy again.

Kaspersky specialists make a list of global exceptions — trusted websites that Kaspersky Endpoint Security does not check regardless of the application settings.

To view the global exclusions from encrypted traffic scans:

  1. In the main application window, click the Application settings icon in the form of a gear wheel. button.
  2. In the application settings window, select General settingsNetwork settings.
  3. In the Encrypted connections scan block, click the list of trusted websites link.

This opens a list of websites compiled by Kaspersky experts. Kaspersky Endpoint Security does not scan protected connections for websites on the list. The list may be updated when Kaspersky Endpoint Security databases and modules are updated.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.