You can configure Windows device users' access to websites through Web Control. Web Control allows you to monitor actions performed by users in the local corporate network, by restricting or blocking their access to websites.
All restricting and blocking activities concerning access to websites are implemented as Web Control rules. A rule is a set of filters and the corresponding action that Kaspersky Endpoint Security Cloud performs when the user visits any of the websites covered by the rule.
By default, the list of Web Control rules contains a number of preset rules. Kaspersky experts consider them suitable for most. If necessary, you can edit them or add new rules, as described in this section.
Web Control monitors user access to websites that is gained using the HTTP protocol. If you enable the Encrypted Connections Scan feature, Web Control also monitors access to websites that is gained using the HTTPS protocol. You can also configure the list of trusted domains. The feature does not control or process encrypted connections made during visits to those domains.
To configure website access rules on Windows devices:
The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.
The security profile properties window displays settings available for all devices.
All websites are allowed, except for those that you explicitly block in Web Control rules.
All websites are blocked, except for those that you explicitly allow in Web Control rules.
By default, a newly added rule is enabled.
The list of Web Control rules is updated.
After the security profile is applied, Web Control is enabled on Windows devices. User access to websites is governed according to the currently enabled access rules.
To define the settings of a Web Control rule:
You can specify any of the three criteria:
The application scans only websites from the selected categories.
Categorization of websites is provided by Kaspersky Security Network, heuristic analysis, and the database of known websites. This database is included in the set of databases of Kaspersky Endpoint Security for Windows.
The application scans only contents of the selected types.
The application scans only the specified websites.
The specified settings will be applied simultaneously. The application scans only the data of the selected types on the specified websites from the selected categories.
For example, you specify the Violence content category, the Executable files data type, and website http://example.com. In this case, the application scans only executable files at http://example.com and only if the website belongs to the Violence category.
If the specified websites are not included in the website categories that you select for this rule, both websites and website categories will be ignored. That is why we do not recommend configuring individual websites and website categories in a single rule.
Do the following:
The Individual websites page opens.
The New record window opens.
You can use the asterisk (
*) and the
www. characters as masks. For more information about masks for web resource addresses, refer to Kaspersky Endpoint Security for Windows Online Help.
The added web address is displayed in the list on the Individual websites page.
Access to the website is allowed. Rules with this action can be used if the general mode of using Web Control is Default deny.
Access to the website is blocked. Rules with this action can be used if the general mode of using Web Control is Default allow.
Access to the website is allowed, but a warning is displayed to the user.
The defined settings are saved.Page top