The Web Threat Protection component allows you to scan inbound traffic via HTTP, HTTPS, and FTP, websites, and IP addresses, prevent malicious files from being downloaded from the Internet, and block access to phishing, adware, and other malicious websites.
This feature is not supported in the KESL container.
Current connections for intercepted TCP ports are reset when Web Threat Protection is enabled.
By default, the Web Threat Protection task is disabled. However, it is enabled automatically if local management of Web Threat Protection settings has been allowed on the device (a policy is not applied or the "lock" is not set in the policy properties) and one of the following executable browser files, including in snap format, has been detected on the system:
You can enable or disable Web Threat Protection, and also configure the protection settings:
To scan FTP traffic, control of all network ports must be configured in the settings for the encrypted connections scan.
When a website is opened, the application performs the following actions:
You are advised to enable the use of Kaspersky Security Network to help Web Threat Protection work more effectively.
On attempt to open a dangerous website, the application performs the following:
Removing application certificates may cause the Web Threat Protection component to work incorrectly.
Kaspersky Endpoint Security adds a special chain of allowing rules (kesl_bypass) to the list in the mangle table of the iptables and ip6tables utilities. This chain of allowing rules makes it possible to exclude traffic from scans by the application. If traffic exclusion rules are configured in the chain, they affect the operation of the Web Threat Protection component.