Configuring access to websites on Windows devices

You can configure Windows device users' access to websites through Web Control. Web Control allows you to monitor actions performed by users in the local corporate network, by restricting or blocking their access to websites.

All restricting and blocking activities concerning access to websites are implemented as Web Control rules. A rule is a set of filters and the corresponding action that Kaspersky Endpoint Security Cloud performs when the user visits any of the websites covered by the rule.

By default, the list of Web Control rules contains a number of preset rules. Kaspersky experts consider them suitable for most. If necessary, you can edit them or add new rules, as described in this section.

Web Control monitors user access to websites that is gained using the HTTP protocol. If you enable the Encrypted Connections Scan feature, Web Control also monitors access to websites that is gained using the HTTPS protocol. You can also configure the list of trusted domains. The feature does not control or process encrypted connections made during visits to those domains.

To configure website access rules on Windows devices:

Open Kaspersky Endpoint Security Cloud Management Console.
Select the Security management → Security profiles section.
The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.
In the list, select the security profile for the devices on which you want to configure the website access rule.
Click the link with the profile name to open the security profile properties window.
The security profile properties window displays settings available for all devices.
In the Windows group, select the Management settings section.
Set the toggle switch to Web Control is enabled.
In Access mode, select the general mode of using Web Control:
- Default allow
  All websites are allowed, except for those that you explicitly block in Web Control rules.
- Default deny
  All websites are blocked, except for those that you explicitly allow in Web Control rules.
To edit the template of the message that will be displayed to a user when he or she attempts to access a blocked website, click the Message about website blocking link.
In the window that opens, edit the message template text. In the text, you can use the following variables:
- %USER_NAME%
  Name of the current user of the device, in the <device name>\<user alias> format (for example "DESKTOP-123\John.Smith").
- %CANONIC_REQUEST_URL%
  URL of the website that the user attempted to gain access to.
- %RULE%
  Name of the Web Control rule that blocked the website access attempt.
- %COMPLAIN_EMAIL%
  Link to send feedback about the website blocking. When the user clicks this link, a separate window opens where he or she can compose a message to you or another administrator about the website blocking.
- %CONTENT_CATEGORY_LIST%
  List of website categories in the Web Control rule that blocked the website access attempt.
- %TYPE_CATEGORY_LIST%
  List of data types in the Web Control rule that blocked the website access attempt.
- [URL=<website address>]<link text>[/URL]
  Link to a website. For example, this can be an intranet web page with additional information about Web Control rules.
  
  Here,
  - <website address>—URL address of the website.
  - <link text>—Optional text that will be displayed over the URL.
  For example, [URL=https://example.com/webcontrol]List of Web Control Rules[/URL]. As a result, the message to the user will contain this link as follows: List of Web Control Rules.
Do any of the following:
- To add a Web Control rule:
  1. Click the Add button.
  2. In the New record window that opens, define the rule settings, as described later in this section.
  3. Click OK to close the New record window.
- To enable or disable an added Web Control rule, set the toggle switch next to that rule to the desired state:
  - If the toggle switch is green, the rule is enabled. Web Control performs the action specified by the rule when the user attempts to open a website.
    By default, a newly added rule is enabled.
  - If the toggle switch is gray, the rule is disabled. Web Control does not perform the action specified by the rule, even when the user attempts to open a website.
- To edit an added Web Control rule:
  1. Select the check box next to the required rule.
  2. Click the Edit button.
  3. In the New record window that opens, define the new settings of the rule, as described later in this section.
  4. Click OK to close the New record window.
- To delete a Web Control rule that was added:
  1. Select the check box next to the required rule.
  2. Click the Delete button.
Click Save to save the changes.

The list of Web Control rules is updated.

After the security profile is applied, Web Control is enabled on Windows devices. User access to websites is governed according to the currently enabled access rules.

To define the settings of a Web Control rule:

Start adding or editing a rule, as described earlier in this section.
In the Name field, enter the name of the rule.
Select the criteria to be applied to websites.
You can specify any of the three criteria:
- Website categories
  The application scans only websites from the selected categories.
  
  Categorization of websites is provided by Kaspersky Security Network, heuristic analysis, and the database of known websites. This database is included in the set of databases of Kaspersky Endpoint Security for Windows.
- Data types
  The application scans only contents of the selected types.
- Individual websites
  The application scans only the specified websites.
The specified settings will be applied simultaneously. The application scans only the data of the selected types on the specified websites from the selected categories.

For example, you specify the Violence content category, the Executable files data type, and website http://example.com. In this case, the application scans only executable files at http://example.com and only if the website belongs to the Violence category.

If the specified websites are not included in the website categories that you select for this rule, both websites and website categories will be ignored. That is why we do not recommend configuring individual websites and website categories in a single rule.

Do the following:
1. To configure website categories to be scanned:
  1. Click Settings in the Website categories section.
  2. In the window that opens, select the check boxes next to the required website categories.
  3. Click OK to save the changes.
2. To configure data types to be scanned:
  1. Click Settings in the Data types section.
  2. In the window that opens, select the check boxes next to the required data types.
  3. Click OK to save the changes.
3. To configure specific websites to be scanned:
  1. Click the Settings link in the Individual websites section.
    The Individual websites page opens.
  2. Click the Add button to add a new website.
    The New record window opens.
  3. Specify the full path to the website.
    You can use the asterisk (*) and the www. characters as masks. For more information about masks for web resource addresses, refer to Kaspersky Endpoint Security for Windows Help.
  4. Click OK to save the changes.
    The added web address is displayed in the list on the Individual websites page.
  5. If necessary, edit or delete added websites.
  6. Click OK to save the changes.
In the Action section, select the action that Kaspersky Endpoint Security Cloud must perform when the user attempts to gain access to websites that match the selected criteria:
- Allow
  Access to the website is allowed. Rules with this action can be used if the general mode of using Web Control is Default deny.
- Block
  Access to the website is blocked. Rules with this action can be used if the general mode of using Web Control is Default allow.
- Warn
  Access to the website is allowed, but a warning is displayed to the user.
Click OK to save the changes.

The defined settings are saved.

Page top