ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Does the EDR scan HTTPS traffic if it is decrypted?


Article ID: 224160


Updated On:


Advanced Threat Protection Platform Endpoint Detection and Response


Customers may have a configuration where they decrypt inbound HTTPS traffic using outbound HTTPS traffic. 

The questions are:

Does the EDR scan decrypted HTTPS traffic?

How do you scan the decrypted traffic?



Because the HTTPS protocol is assumed to be encrypted, the EDR does not scan this traffic.


All available versions of EDR.


The EDR does scan the HTTP traffic.  Therefore, the traffic must be converted to HTTP traffic for the EDR to detect any attacks.

Additional Information

We recommend you review the capabilities of the SSL Visibility Appliance (SSLv) as an integration solution with the EDR.