ESET Online Help

HTTPS traffic scanning

ESET Endpoint Antivirus for Linux can check for threats in communications that use the SSL and TLS protocols. You can use different scanning modes to examine SSL-protected communication with trusted certificates, unknown certificates, or certificates excluded from SSL-protected communication checking. The program scans traffic only on the ports (443, 0–65535) defined in Ports used by HTTPS protocol.

Enable SSL/TLS—SSL/TLS protocol filtering is enabled by default.

SSL/TLS mode—You can choose from 2 options:

Policy mode—All SSL/TLS connections are filtered, except configured exclusions.

Automatic mode—Only SSL/TLS connections from the browsers and applications listed below are filtered, except configured exclusions.

Automatic mode SSL/TLS supports the following browsers and applications:

Edge

Firefox

Chrome

Chromium

wget

curl


Note

The browser or application must be installed by the distribution's default package manager. An initial start of the browser is necessary for browser integration.

Application scan rules—Create a list of SSL/TLS filtered applications to customize ESET Endpoint Antivirus for Linux behavior for specific applications.

Certificate rules—Create a list of known certificates to customize ESET Endpoint Antivirus for Linux behavior for specific SSL certificates.

Do not scan traffic with domains trusted by ESET—When enabled, communication with trusted domains will be excluded from checking. The trustworthiness of a domain is determined by a built-in whitelist.

Block traffic encrypted by obsolete SSL—Communication using an earlier version of the SSL protocol will be blocked automatically.

Ports used by HTTPS protocol—Specifies the ports on which traffic is scanned. Multiple port numbers must be delimited by a comma. Default value: 443, 0-65535
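The following added example (not ESET code or part of the product) audits a port list before it goes into a policy: it shows that the documented default covers every port and which ports stop being scanned once the list is narrowed. The function names are hypothetical, and the "N" / "N-M" item syntax is an assumption inferred from the default value.

```python
# Added example: not ESET code. The "N" / "N-M" item syntax is an assumption
# inferred from the documented default value "443, 0-65535".
import re

MAX_PORT = 65535
# One item: a single port, or a range written with a hyphen or an en dash.
_ITEM = re.compile(r"^([0-9]+)(?:\s*[-\u2013]\s*([0-9]+))?$")


def parse_ports(spec):
    """Return merged, sorted (low, high) intervals for a comma-delimited list."""
    intervals = []
    for raw in spec.split(","):
        item = raw.strip()
        match = _ITEM.match(item)
        if not match:
            raise ValueError(f"not a port or port range: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high or high > MAX_PORT:
            raise ValueError(f"port range out of bounds: {item!r}")
        intervals.append((low, high))
    intervals.sort()
    merged = [intervals[0]]
    for low, high in intervals[1:]:
        last_low, last_high = merged[-1]
        if low <= last_high + 1:  # overlapping or adjacent: extend the interval
            merged[-1] = (last_low, max(last_high, high))
        else:
            merged.append((low, high))
    return merged


def is_scanned(port, intervals):
    """True if traffic on this port falls inside the configured list."""
    return any(low <= port <= high for low, high in intervals)


def covers_all_ports(intervals):
    """True if the list leaves no port outside HTTPS scanning."""
    return intervals == [(0, MAX_PORT)]


if __name__ == "__main__":
    default = parse_ports("443, 0-65535")  # documented default value
    narrowed = parse_ports("443, 8443")    # constructed, narrower list
    print(default, covers_all_ports(default))
    print(narrowed, is_scanned(8443, narrowed), is_scanned(8080, narrowed))
```

With the default value the explicit 443 entry is redundant because 0-65535 already includes it; with a narrowed list, HTTPS served on any port outside the list is not scanned.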

Root certificate

For SSL/TLS communication to work properly in the supported applications, the ESET root certificate is automatically added to the list of known root certificates (publishers).

Certificate validity

If the certificate trust cannot be established—In some cases, a website certificate cannot be verified using the Trusted Root Certification Authorities (TRCA) store. This means that the certificate is signed by someone (for example, the administrator of a web server or a small business), and considering this certificate as trusted is not always a risk. Most large businesses (for example, banks) use a certificate signed by the TRCA. If Ask about certificate validity is selected (selected by default), the user is prompted to select an action to take when encrypted communication is established. You can select Block communication that uses the certificate to always terminate encrypted connections to sites with unverified certificates.