General
On this page, you can enable or disable functionalities and configure exclusions.
The settings are organized into the following sections:
General settings
Intercept Encrypted Traffic - Select this option if you want the Secure Sockets Layer (SSL) web traffic to be inspected by the Bitdefender security agent's protection modules.
for HTTPS - Select this option if you want to extend SSL scanning to HTTP protocol.
The Bitdefender Endpoint Security Tools agent intercepts and scans HTTP/HTTPS on predefined processes on Windows and Mac. Additional processes for Scan HTTPS gives administrators the flexibility to scan custom applications and unsupported browsers.
Note
You can add process names separated by semicolons in the Additional processes field.
for RDP - Select this option if you want to extend SSL scanning to RDP protocol.
Scan FTPS - Select this option to enable outbound traffic monitoring over FTPS protocol on Linux machines.
Scan SCP/SSH - Select this option to enable outbound traffic monitoring over SCP and SSH protocols on Linux machines.
Exclude finance domains - Select this option to exclude any financial domains from scanning.
For details on the authentication procedures using SSH keys, refer to SSH PKI authentication on endpoint outbound connections.
The FTPS protocol defines at least two different ways to start this sequence: explicit (active) security and implicit (passive) security.
Warning
Network Attack Defense only works with implicit (passive) security.
Show browser toolbar (legacy) - The Bitdefender toolbar informs users about the rating of the web pages they are viewing. The Bitdefender toolbar is not your typical browser toolbar. The only thing it adds to the browser is a small dragger at the top of every web page. Clicking the dragger opens the toolbar.
Depending on how Bitdefender classifies the web page, one of the following ratings is displayed on the left side of the toolbar:
The message "This page is not safe" appears on a red background.
The message "Caution is advised" appears on an orange background.
The message "This page is safe" appears on a green background.
Note
This option is not available for macOS.
This option is removed from Windows starting with new installations of Bitdefender Endpoint Security Tools version 6.6.5.82.
Browser Search Advisor (legacy)
Search Advisor rates the results of Google, Bing and Yahoo! searches, as well as links from Facebook and Twitter, by placing an icon in front of every result.
Icons used and their meaning:
You should not visit this web page.
This web page may contain dangerous content. Exercise caution if you decide to visit it.
This is a safe page to visit.
Note
This option is not available for macOS.
This option is removed from Windows starting with new installations of Bitdefender Endpoint Security Tools version 6.6.5.82.
Intercept TLS Handshake - Select this option if you want the security agent to intercept malicious domains during the TLS Handshake phase, detecting potential threats without decrypting traffic.
The feature scans outbound processes, excluding those defined in the HTTPS scan settings, and allows you to respond by either denying access to the page or resetting the connection.
Note
This feature is compatible only with Windows operating systems.
Respond with an Access Denied page - Select this option if you want to display an Access Denied page.
Reset connection - Select this option if you want to reset the user's connection. The user will receive an error explaining that the page cannot be accessed.
Exclusions
You can choose to exclude certain traffic from being scanned for malware while the Network Protection options are enabled.
Note
These exclusions apply to Traffic Scan and Antiphishing, in the Web Protection section, and to Network Attack Defense, in the Network Attacks section. Data Protection exclusions are configurable separately, in the Content Control section.
On Linux systems, the exclusions are made at the application level, not at the iptables level.
To define an exclusion:
Select the exclusion type from the menu.
Depending on the exclusion type, define the traffic entity to be excluded from scanning as follows:
IP/mask - Enter the IP address or the IP mask for which you do not want to scan the incoming and outgoing traffic, which includes network attack techniques.
You can also exclude vulnerability scanners by adding their IP addresses in this section or by duplicating exclusions created in the Firewall section. For details on Firewall exclusions, refer to the "Block port scans" in Firewall Configuration.
URL - Excludes from scanning the specified web addresses. Take into account that URL-based scan exclusions apply differently for HTTP versus HTTPS connections, as explained hereinafter.
You can define a URL-based scan exclusion as follows:
Enter a specific URL, such as www.example.com/example.html
In the case of HTTP connections, only the specific URL is excluded from scanning.
For HTTPS connections, adding a specific URL excludes the entire domain and any of its subdomains. Therefore, in this case, you can specify directly the domain to be excluded from scanning.
Use wildcards to define web address patterns.
You can use the following wildcards:
Asterisk (*) substitutes for zero or more characters.
Question mark (?) substitutes for exactly one character. You can use several question marks to define any combination of a specific number of characters. For example, ??? substitutes for any combination of exactly three characters.
In the following table, you can find several syntax samples for specifying web addresses (URLs).
Syntax - Exception Applicability
www.example* - Any URL starting with www.example (regardless of the domain extension). The exclusion will not apply to the subdomains of the specified website, such as subdomain.example.com.
*example.com - Any URL ending in example.com, including subdomains thereof.
*example.com* - Any URL that contains the specified string.
*.com - Any website having the .com domain extension, including subdomains thereof. Use this syntax to exclude from scanning the entire top-level domains.
www.example?.com - Any web address starting with www.example?.com, where ? can be replaced with any single character. Such websites might include: www.example1.com or www.exampleA.com.
Note
You can use protocol-relative URLs.
Application - Excludes from scanning the specified process or application. To define an application scan exclusion:
Enter the name of the executable file of the application to be excluded.
For example, enter calendar to exclude the Calendar application, firefox to exclude the Mozilla Firefox browser, or electron to exclude the Visual Studio Code application.
Use wildcards to specify any applications matching a certain name pattern.
For example:
c*.exe matches all applications starting with "c" (chrome.exe).
??????.exe matches all applications with a name that contains six characters (chrome.exe, safari.exe, etc.).
[^c]*.exe matches all applications except for those starting with "c".
[^ci]*.exe matches all applications except for those starting with "c" or "i".
Note
You do not need to enter a path and the executable file does not have an extension. This is different from exclusions in Antimalware, where you need to specify the entire path.
If needed, add a comment in the Remarks field to make it easier to identify the exclusion later.
Click the Add button at the right side of the table.
To remove an entity from the list, click the corresponding Delete button.
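The URL exclusion rules described above, as an added example (not Bitdefender code): a small Python audit that reports which probe URLs a list of exclusions would leave unscanned, covering the HTTP versus HTTPS difference and the two wildcards. It assumes wildcard patterns are matched, anchored, against the hostname only; the function names, entries and probe URLs are constructed for illustration, and the agent's real matching may differ.

```python
import re
from urllib.parse import urlsplit

def wildcard_to_regex(pattern):
    """Translate the two documented URL wildcards: * (zero or more), ? (exactly one)."""
    table = {"*": ".*", "?": "."}
    return re.compile("".join(table.get(c, re.escape(c)) for c in pattern), re.IGNORECASE)

def is_excluded(entry, url):
    """True if `url` would go unscanned under exclusion `entry`."""
    target = urlsplit(url)
    host = target.hostname or ""
    entry = entry[2:] if entry.startswith("//") else entry  # protocol-relative form
    if "*" in entry or "?" in entry:
        # Assumption: wildcard patterns are matched, anchored, against the hostname.
        return wildcard_to_regex(entry).fullmatch(host) is not None
    rule = urlsplit("//" + entry)
    rule_host = rule.hostname or ""
    if target.scheme == "https":
        # HTTPS: a specific URL excludes the entire domain and its subdomains.
        return host == rule_host or host.endswith("." + rule_host)
    # HTTP: only the specific URL is excluded.
    return host == rule_host and (target.path or "/") == (rule.path or "/")

def audit(entries, probes):
    """Map each exclusion entry to the probe URLs it leaves unscanned."""
    return {e: [p for p in probes if is_excluded(e, p)] for e in entries}

# Constructed sample data (not taken from any real policy).
ENTRIES = ["www.example.com/example.html", "www.example*", "*example.com",
           "*.com", "www.example?.com"]
PROBES = [
    "http://www.example.com/example.html",
    "http://www.example.com/other.html",
    "https://www.example.com/other.html",
    "https://cdn.www.example.com/lib.js",
    "https://subdomain.example.com/",
    "https://notexample.com/",
    "https://www.example1.com/",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for entry, hits in audit(ENTRIES, PROBES).items():
        print(f"{entry!r} leaves {len(hits)}/{len(PROBES)} probes unscanned")
        for url in hits:
            print("   ", url)
```

Under the literal wildcard rule, *example.com also covers notexample.com, because the asterisk can stand for any leading characters; review such entries before adding them to a policy.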