Web Threat Protection

While the Web Threat Protection task is running, Kaspersky Endpoint Security scans the inbound traffic and prevents downloads of malicious files from the Internet and also blocks malicious, phishing, adware, or other dangerous websites.

Kaspersky Endpoint Security scans HTTP, HTTPS, and FTP traffic. Also, the application scans websites and IP addresses. You can specify certain network ports or ranges of network ports to be monitored.

To monitor HTTPS traffic, you have to enable encrypted connection scan.

To monitor FTP traffic, you have to select the Monitor all network ports check box.

On attempt to open a dangerous website, Kaspersky Endpoint Security performs the following:

For HTTP or FTP traffic, the application blocks access and shows a warning message.
For HTTPS traffic, a browser displays an error page.

When a website is opened, the Web Threat Protection task performs the following:

Checks the website security by using the downloaded anti-virus databases.
Checks the website security by using heuristic analysis, if enabled.
During heuristic analysis, Kaspersky Endpoint Security analyzes the activity of applications in the operating system. Heuristic analysis can detect dangerous objects for which there are currently no records in the Kaspersky Endpoint Security databases.
Checks the website security in Kaspersky Security Network, if enabled.
You are advised to participate in Kaspersky Security Network to help Web Threat Protection work more effectively.
Blocks or allows opening of the website.

The Web Threat Protection task is started by default on Kaspersky Endpoint Security start.

Web Threat Protection settings

Setting	Description
Web Threat Protection enabled / disabled	This toggle button enables or disables the Web Threat Protection component. This toggle button is switched on by default.
Action on threat detection	In this section, you can specify an action that Kaspersky Endpoint Security performs on the web resources where a dangerous object was detected: Inform the user when a dangerous object is detected in web traffic. The Web Threat Protection component allows this object to be downloaded to the computer. Kaspersky Endpoint Security logs information about the dangerous object and adds information about the dangerous object to the list of active threats. Block access to any dangerous object detected in web traffic, displays a notification about the blocked access attempt, and logs information about the dangerous object. The Block action is selected by default.
Detect malicious objects	This check box enables or disables checking of links against the databases of malicious web addresses. This check box is selected by default.
Detect phishing links	This check box enables or disables checking of links against the databases of phishing web addresses. This check box is selected by default.
Use heuristic analysis for detecting phishing links	This check box enables or disables the use of heuristic analysis for detecting phishing links. This check box is available if the Detect phishing links check box is selected, and is selected by default.
Detect adware	This check box enables or disables checking links against the databases of adware web addresses. This check box is cleared by default.
Detect legitimate applications that may be used by hackers to harm devices or data	This check box enables or disables checking links against the databases of legitimate applications that can be used by hackers to harm devices or data. This check box is cleared by default.
Trusted web addresses	This table contains addresses of URLs and web pages whose content you trust. You can add only HTTP/HTTPS web addresses to the list of trusted web addresses. By default, the table is empty. You can add, edit, and delete web addresses. Clicking the Delete button removes the selected item from the table. This button is available if at least one item is selected in the table. Clicking the item name opens the window, where you can modify parameters for the selected item. Clicking the Add button opens the window, where you can specify parameters for a new item.

Page top