Web Threat Protection

The Web Threat Protection component allows you to scan inbound traffic via HTTP, HTTPS, and FTP, websites, and IP addresses, prevent malicious files from being downloaded from the Internet, and block access to phishing, adware, and other malicious websites.

This feature is not supported in the KESL container.

Current connections for intercepted TCP ports are reset when Web Threat Protection is enabled.

By default, the Web Threat Protection task is disabled. However, it is enabled automatically if local management of Web Threat Protection settings has been allowed on the device (a policy is not applied or the "lock" is not set in the policy properties) and one of the following executable browser files, including in snap format, has been detected on the system:

You can enable or disable Web Threat Protection, and also configure the protection settings:

When a website is opened, the application performs the following actions:

  1. Checks the website security using the downloaded application databases.
  2. Checks the website security using heuristic analysis, if enabled.
  3. Checks the trustworthiness of a website using Kaspersky reputation databases if the use of Kaspersky Security Network is enabled.

    You are advised to enable the use of Kaspersky Security Network to help Web Threat Protection work more effectively.

  4. Blocks or allows opening of the website.

On attempt to open a dangerous website, the application performs the following:

Removing application certificates may cause the Web Threat Protection component to work incorrectly.

Kaspersky Endpoint Security adds a special chain of allowing rules (kesl_bypass) to the list in the mangle table of the iptables and ip6tables utilities. This chain of allowing rules makes it possible to exclude traffic from scans by the application. If traffic exclusion rules are configured in the chain, they affect the operation of the Web Threat Protection component.

In this Help section

Configuring Web Threat Protection in the Web Console

Configuring Web Threat Protection in the Administration Console

Configuring Web Threat Protection in the command line

Page top