You can configure Windows device users' access to websites through Web Control. Web Control allows you to monitor actions performed by users in the local corporate network, by restricting or blocking their access to websites.
All restricting and blocking activities concerning access to websites are implemented as Web Control rules. A rule is a set of filters and the corresponding action that Kaspersky Endpoint Security Cloud performs when the user visits any of the websites covered by the rule.
By default, the list of Web Control rules contains a number of preset rules. Kaspersky experts consider them suitable for most. If necessary, you can edit them or add new rules, as described in this section.
Web Control monitors user access to websites that is gained using the HTTP protocol. If you enable the Encrypted Connections Scan feature, Web Control also monitors access to websites that is gained using the HTTPS protocol. You can also configure the list of trusted domains. The feature does not control or process encrypted connections made during visits to those domains.
To configure website access rules on Windows devices:
The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.
The security profile properties window displays settings available for all devices.
All websites are allowed, except for those that you explicitly block in Web Control rules.
All websites are blocked, except for those that you explicitly allow in Web Control rules.
In the window that opens, edit the message template text. In the text, you can use the following variables:
%USER_NAME%
Name of the current user of the device, in the <device name>
\
<user alias>
format (for example "DESKTOP-123\John.Smith").
%CANONIC_REQUEST_URL%
URL of the website that the user attempted to gain access to.
%RULE%
Name of the Web Control rule that blocked the website access attempt.
%COMPLAIN_EMAIL%
Link to send feedback about the website blocking. When the user clicks this link, a separate window opens where he or she can compose a message to you or another administrator about the website blocking.
%CONTENT_CATEGORY_LIST%
List of website categories in the Web Control rule that blocked the website access attempt.
%TYPE_CATEGORY_LIST%
List of data types in the Web Control rule that blocked the website access attempt.
[URL=
<website address>
]
<link text>
[/URL]
Link to a website. For example, this can be an intranet web page with additional information about Web Control rules.
Here,
<website address>
—URL address of the website.<link text>
—Optional text that will be displayed over the URL.For example, [URL=https://example.com/webcontrol]
List of Web Control Rules
[/URL]
. As a result, the message to the user will contain this link as follows: List of Web Control Rules.
By default, a newly added rule is enabled.
The list of Web Control rules is updated.
After the security profile is applied, Web Control is enabled on Windows devices. User access to websites is governed according to the currently enabled access rules.
To define the settings of a Web Control rule:
You can specify any of the three criteria:
The application scans only websites from the selected categories.
Categorization of websites is provided by Kaspersky Security Network, heuristic analysis, and the database of known websites. This database is included in the set of databases of Kaspersky Endpoint Security for Windows.
The application scans only contents of the selected types.
The application scans only the specified websites.
The specified settings will be applied simultaneously. The application scans only the data of the selected types on the specified websites from the selected categories.
For example, you specify the Violence content category, the Executable files data type, and website http://example.com. In this case, the application scans only executable files at http://example.com and only if the website belongs to the Violence category.
If the specified websites are not included in the website categories that you select for this rule, both websites and website categories will be ignored. That is why we do not recommend configuring individual websites and website categories in a single rule.
Do the following:
The Individual websites page opens.
The New record window opens.
You can use the asterisk (*
) and the www.
characters as masks. For more information about masks for web resource addresses, refer to Kaspersky Endpoint Security for Windows Help.
The added web address is displayed in the list on the Individual websites page.
Access to the website is allowed. Rules with this action can be used if the general mode of using Web Control is Default deny.
Access to the website is blocked. Rules with this action can be used if the general mode of using Web Control is Default allow.
Access to the website is allowed, but a warning is displayed to the user.
The defined settings are saved.
Page top