
General

On this page, you can enable or disable functionalities and configure exclusions.

The settings are organized into the following sections:

General settings

  • Intercept Encrypted Traffic - Select this option if you want the Secure Sockets Layer (SSL) web traffic to be inspected by the Bitdefender security agent's protection modules.

    • Scan HTTPS - Select this option if you want to extend SSL scanning to the HTTP protocol.

      • The Bitdefender Endpoint Security Tools agent intercepts and scans HTTP/HTTPS on predefined processes on Windows and Mac. Additional processes for Scan HTTPS provides administrators flexibility in scanning custom applications and unsupported browsers.

        Note

        You can add process names separated by semicolons in the Additional processes field.

    • Scan RDP - Select this option if you want to extend SSL scanning to the RDP protocol.

    • Scan FTPS - Select this option to enable outbound traffic monitoring over the FTPS protocol on Linux machines.

    • Scan SCP/SSH - Select this option to enable outbound traffic monitoring over SCP and SSH protocols on Linux machines.

    • Exclude finance domains - Select this option to exclude any financial domains from scanning.

    For details on the authentication procedures using SSH keys, refer to SSH PKI authentication on endpoint outbound connections.

    The FTPS protocol defines at least two different ways to start this sequence: explicit (active) security and implicit (passive) security.

    Warning

    Network Attack Defense only works with implicit (passive) security.

  • Intercept TLS Handshake - Select this option if you want the security agent to intercept malicious domains during the TLS Handshake phase, detecting potential threats without decrypting traffic.

    The feature scans outbound processes, excluding those defined in the HTTPS scan settings, and allows you to respond by either denying access to the page or resetting the connection.

    Note

    This feature is compatible only with Windows operating systems.

    • Respond with an Access Denied page - Select this option if you want to display an Access Denied page.

    • Reset connection - Select this option if you want to reset the user's connection. The user will receive an error explaining that the page cannot be accessed.

Exclusions

You can choose to exclude certain traffic from being scanned for malware while the Network Protection options are enabled.

Note

These exclusions apply to Traffic Scan and Antiphishing, in the Web Protection section, and to Network Attack Defense, in the Network Attacks section. Data Protection exclusions are configurable separately, in the Content Control section.

On Linux systems, the exclusions are made at the application level, not at the iptables level.

To define an exclusion:

  1. Select the exclusion type from the menu.

  2. Depending on the exclusion type, define the traffic entity to be excluded from scanning as follows:

    • IP/mask - Enter the IP address or the IP mask for which you do not want to scan the incoming and outgoing traffic, which includes network attack techniques.

      You can also exclude vulnerability scanners by adding their IP addresses in this section or by duplicating exclusions created in the Firewall section. For details on Firewall exclusions, refer to "Block port scans" in Firewall Configuration.

    • URL - Excludes from scanning the specified web addresses. Take into account that URL-based scan exclusions apply differently for HTTP versus HTTPS connections, as explained below.

      You can define a URL-based scan exclusion as follows:

      1. Enter a specific URL, such as www.example.com/example.html

        • In the case of HTTP connections, only the specific URL is excluded from scanning.

        • For HTTPS connections, adding a specific URL excludes the entire domain and any of its subdomains. Therefore, in this case, you can specify directly the domain to be excluded from scanning.

      2. Use wildcards to define web address patterns.

        You can use the following wildcards:

        • Asterisk (*) substitutes for zero or more characters.

        • Question mark (?) substitutes for exactly one character. You can use several question marks to define any combination of a specific number of characters. For example, ??? substitutes for any combination of exactly three characters.

        In the following table, you can find several syntax samples for specifying web addresses (URLs).

        | Syntax | Exception Applicability |
        |---|---|
        | www.example* | Any URL starting with www.example (regardless of the domain extension). The exclusion will not apply to the subdomains of the specified website, such as subdomain.example.com. |
        | *example.com | Any URL ending in example.com, including subdomains thereof. |
        | *example.com* | Any URL that contains the specified string. |
        | *.com | Any website having the .com domain extension, including subdomains thereof. Use this syntax to exclude from scanning the entire top-level domains. |
        | www.example?.com | Any web address starting with www.example?.com, where ? can be replaced with any single character. Such websites might include: www.example1.com or www.exampleA.com. |

      Note

      You can use protocol-relative URLs.

    • Application - Excludes from scanning the specified process or application. To define an application scan exclusion:

      1. Enter the name of the executable file of the application to be excluded.

        For example, enter calendar to exclude the Calendar application, firefox to exclude the Mozilla Firefox browser, or electron to exclude the Visual Studio Code application.

      2. Use wildcards to specify any applications matching a certain name pattern.

        For example:

        • c*.exe matches all applications starting with "c" (chrome.exe).

        • ??????.exe matches all applications with a name that contains six characters (chrome.exe, safari.exe, etc.).

        • [^c]*.exe matches all applications except for those starting with "c".

        • [^ci]*.exe matches all applications except for those starting with "c" or "i".

        Note

        You do not need to enter a path and the executable file does not have an extension. This is different from exclusions in Antimalware, where you need to specify the entire path.

  3. Click the Add button at the right side of the table.

To remove an entity from the list, click the corresponding Delete button.
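
The following added example (not Bitdefender code) models the wildcard rules from the URL table and the application examples above, so that an exclusion pattern can be checked against an inventory before it is saved. The function names, the sample hosts and processes, and the whole-string, case-insensitive matching are assumptions of this sketch; the agent's own matcher may behave differently.

```python
import re

def wildcard_to_regex(pattern):
    """Translate the wildcard syntax described on this page into a regex.

    '*' = zero or more characters, '?' = exactly one character,
    '[^ab]' = one character that is not 'a' or 'b'.
    Assumption: case-insensitive match against the whole string.
    """
    out, i = [], 0
    while i < len(pattern):
        char_set = re.match(r"\[(\^?)([^\]]+)\]", pattern[i:])
        if pattern[i] == "*":
            out.append(".*")
        elif pattern[i] == "?":
            out.append(".")
        elif char_set:
            out.append("[" + char_set.group(1) + re.escape(char_set.group(2)) + "]")
            i += char_set.end() - 1
        else:
            out.append(re.escape(pattern[i]))
        i += 1
    return re.compile("".join(out), re.IGNORECASE)

def covered(pattern, candidates):
    """Return the candidates an exclusion pattern would remove from scanning."""
    rx = wildcard_to_regex(pattern)
    return [c for c in candidates if rx.fullmatch(c)]

def https_scope(entry, host):
    """HTTPS rule for a literal URL entry: the host and its subdomains are excluded.

    Assumption: 'the domain' is the host part of the entry as typed.
    """
    domain = re.sub(r"^(\w+:)?//", "", entry).split("/")[0].lower()
    return host.lower() == domain or host.lower().endswith("." + domain)

# Constructed sample inventory, not taken from any real environment.
HOSTS = ["www.example.com", "subdomain.example.com", "notexample.com",
         "www.example.org", "www.example1.com"]
PROCESSES = ["chrome.exe", "cmd.exe", "safari.exe", "iexplore.exe", "firefox.exe"]

if __name__ == "__main__":
    for pat in ["www.example*", "*example.com", "*.com", "www.example?.com"]:
        print(f"URL {pat!r:20} excludes {covered(pat, HOSTS)}")
    for pat in ["c*.exe", "??????.exe", "[^c]*.exe", "[^ci]*.exe"]:
        print(f"APP {pat!r:20} excludes {covered(pat, PROCESSES)}")
    entry = "www.example.com/example.html"
    print("HTTPS scope of", entry, [h for h in HOSTS if https_scope(entry, h)])
```

In this model, *example.com also covers notexample.com because the asterisk stands for zero or more characters, and c*.exe covers every listed process whose name starts with "c", not only chrome.exe. Running a pattern against a host or process inventory before saving it shows how much traffic the exclusion takes out of scanning.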