Web Threat Protection task (Web_Threat_Protection, ID:14)
While the Web Threat Protection task is running, the application scans incoming traffic, prevents download of malicious files from the Internet, and blocks access to phishing, advertising, and other dangerous websites. The application scans traffic transmitted via HTTP, HTTPS and FTP protocols. Also, the application scans websites and IP addresses. You can specify network ports or network port ranges to be monitored.
During heuristic analysis, Kaspersky Endpoint Security analyzes the activity of applications in the operating system. Heuristic analysis can detect dangerous objects for which there are currently no records in Kaspersky Endpoint Security databases.
Checks the website's security using Kaspersky Security Network, if it is enabled.
You are advised to participate in Kaspersky Security Network to help Web Threat Protection work more effectively.
Blocks or allows opening of the website.
On attempt to open a dangerous website, the application performs the following:
For HTTP or FTP traffic, the application blocks access and shows a warning message.
For HTTPS traffic, a browser displays an error page.
The table describes all available values and default values of all the settings that you can specify for the Web Threat Protection task.
Web Threat Protection task settings
Setting: ActionOnDetect
Description: Specifies the action to be performed upon detection of an infected object in web traffic.
Values:
Notify — Allow the detected object to be downloaded, display a notification about the blocked access attempt, and log information about the infected object.
Block (default value) — Block access to the detected object, display a notification about the blocked access attempt, and log information about the infected object.

Setting: CheckMalicious
Description: Specifies whether links will be checked against the database of malicious web addresses.
Values:
Yes (default value) — Check if the links are listed in the malicious links database.
No — Do not check if the links are listed in the malicious links database.

Setting: CheckPhishing
Description: Specifies whether links will be checked against the database of phishing web addresses.
Values:
Yes (default value) — Check if the links are listed in the phishing links database.
No — Do not check if the links are listed in the phishing links database.

Setting: UseHeuristicForPhishing
Description: Specifies whether heuristic analysis must be used to scan web pages for phishing links.
Values:
Yes (default value) — Use heuristic analysis to detect phishing links. If this value is specified, the level of heuristic analysis is Light (the least thorough scan with minimal load on the system). You cannot change the heuristic analysis level for the Web Threat Protection task.
No — Do not use heuristic analysis to detect phishing links.

Setting: CheckAdware
Description: Specifies whether links must be checked against the database of adware web addresses.
Values:
Yes — Check if the links are listed in the adware links database.
No (default value) — Do not check if the links are listed in the adware links database.

Setting: CheckOther
Description: Specifies whether links must be checked against the database of web addresses that contain legal software that may be used by criminals to damage your computer or personal data.
Values:
Yes — Check if the links are listed in the database of web addresses that contain legal software that may be used by intruders to damage your computer or personal data.
No (default value) — Do not check if the links are listed in the database of web addresses that contain legal software that may be used by intruders to damage your computer or personal data.

Setting: UseTrustedAddresses
Description: Enables or disables the usage of a list of trusted web addresses. The application does not analyze information from trusted web addresses to check them for viruses or other dangerous objects. You can specify trusted web addresses using the TrustedAddresses.item_# setting.
Values:
Yes (default value) — Use a list of trusted web addresses.
No — Do not use a list of trusted web addresses.

Setting: TrustedAddresses.item_#
Description: Specifies trusted web addresses. You can use masks to specify web addresses.
You can use the * (asterisk) character to create a file or directory name mask.
You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.
You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.
The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.
To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).
The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.
You can use a single ? character to represent any one character in the file or directory name.
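The following Python code is an added example, not part of the Kaspersky documentation: it compares a settings file with the defaults in the table above and shows which probe addresses each trusted-address mask would exempt from scanning. The key=value file layout, the item_0000 numbering, the application of the mask rules above to web addresses, and all sample values are assumptions.

```python
import re

# Documented defaults of the settings audited here, and the values that reduce protection.
DEFAULTS = {"ActionOnDetect": "Block", "CheckMalicious": "Yes", "CheckPhishing": "Yes",
            "UseHeuristicForPhishing": "Yes", "UseTrustedAddresses": "Yes"}
WEAKER = {"ActionOnDetect": "Notify", "CheckMalicious": "No", "CheckPhishing": "No",
          "UseHeuristicForPhishing": "No"}

def parse_settings(text):
    """Parse key=value lines (assumed file layout); skip blanks, comments, section headers."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";", "[")) and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def mask_to_regex(mask):
    """Apply the table's mask rules: ** crosses '/', * stays inside one name, ? is one character."""
    tokens = re.findall(r"\*\*|\*|\?|[^*?]+", mask)
    if tokens.count("**") > 1:
        raise ValueError(f"mask uses ** more than once: {mask}")
    rules = {"**": ".*", "*": "[^/]*", "?": "[^/]"}  # '?' not matching '/' is an assumption
    return re.compile("".join(rules.get(t, re.escape(t)) for t in tokens) + r"\Z")

def audit(text, probes):
    """Return (weakened settings, {mask: probe addresses the mask would exempt from scanning})."""
    cfg = {**DEFAULTS, **parse_settings(text)}
    weakened = {k: cfg[k] for k, weak in WEAKER.items() if cfg[k] == weak}
    exempt = {}
    if cfg["UseTrustedAddresses"] == "Yes":
        for key, mask in sorted(cfg.items()):
            if key.startswith("TrustedAddresses.item_"):
                rx = mask_to_regex(mask)
                exempt[mask] = [p for p in probes if rx.match(p)]
    return weakened, exempt

# Constructed sample settings and probe addresses (not from a real host).
SAMPLE = """\
ActionOnDetect=Notify
CheckPhishing=No
TrustedAddresses.item_0000=*.example.com/**
TrustedAddresses.item_0001=intra.example.org/*
"""
PROBES = ["cdn.example.com/a/b.bin", "intra.example.org/wiki", "intra.example.org/wiki/page"]

if __name__ == "__main__":
    print(audit(SAMPLE, PROBES))
```

A mask that exempts more probe addresses than intended is a candidate for narrowing, since traffic from trusted addresses is not analyzed.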