We are demoing the trial of Kaspersky Business Space and I've run into a little snag. We need to scan encrypted mail connections, specifically port 587 for SMTP TLS and port 993 for IMAP4 SSL. With encryption scanning turned on I get the notice in Outlook that it can't verify the certificate source. Apparently, Kaspersky uses certificate substitution to accomplish scanning encrypted connections. I found a work around by importing the substituted cert (from the user's profile directory) into the trusted root certificate store. This solved the problem immediately. However, I am looking at deploying Kaspersky network wide and can't really go around to every single workstation and do this import. Is it possible to take the "fake" certificate and distribute it with a GPO? I suppose I am also asking if the "fake" cert is identical from machine to machine if the mail certificate is the same from machine to machine. Any input would be appreciated.

Thanks,

Brandon Schultz

I'm sure that the best way to find a solution for you is contact to support team in your region (by phone or through personal cabinet). Trial corporate users are also supported by us.

Kaspersky support tells me that they do not support distributing the certs. And apparently this cannot be done in any manner whatsoever. As a test I tried simply copying the "fake" cert from one machine to another, importing it, but then Outlook doesn't recognize it. On further inspection it looks like the thumbprints do not match, so I suppose that's the problem. Bummer. I was hoping I'd be able to manage this with a domain policy.