Configuring malicious web address detection methods
Web Threat Protection detects malicious web addresses using anti-virus databases, the Kaspersky Security Network cloud service, and heuristic analysis.
You can select malicious web address detection methods only in Administration Console (MMC) or the local interface of the application. You cannot select malicious web address detection methods in Web Console or Cloud Console. The default option is checking web addresses against the database of malicious addresses with heuristic analysis (medium scan).
Scanning using the database of malicious addresses
Scanning the links to determine whether they are included in the database of malicious web addresses allows you to track websites that have been added to denylist. The database of malicious web addresses is maintained by Kaspersky, included in the application installation package, and updated during Kaspersky Endpoint Security database updates.
Kaspersky Endpoint scans all links to determine if they are listed in databases of malicious web addresses. The application's secure connection scan settings do not affect the link scanning functionality. In other words, if encrypted connections scan is disabled, Kaspersky Endpoint Security checks links against databases of malicious web addresses even if network traffic is transmitted over an encrypted connection.
How to enable or disable the checking of web addresses against the database of malicious web addresses using the Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the console tree, select Policies.
- Select the necessary policy and double-click to open the policy properties.
- In the policy window, select Essential Threat Protection → Web Threat Protection.
- In the Security level block, click the Settings button.
- In the window that opens, in the Scan methods block, select or clear the Check the web address against the database of malicious web addresses check box to enable or disable the checking of addresses against the database of malicious web addresses.
- Save your changes.
How to enable or disable the checking of addresses against the malicious address database in the application interface
- In the main application window, click the button.
- In the application settings window, select Essential Threat Protection → Web Threat Protection.
- Click Advanced Settings.
- In the Scan methods block, select or clear the Check the web address against the database of malicious web addresses check box to enable or disable the checking of addresses against the database of malicious web addresses.
- Save your changes.
Heuristic analysis
During heuristic analysis, Kaspersky Endpoint Security analyzes the activity of applications in the operating system. Heuristic analysis can detect threats for which there are currently no records in the Kaspersky Endpoint Security databases.
When web traffic is scanned for viruses and other applications that present a threat, the heuristic analyzer performs instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level ensures a balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis.
How to enable or disable the use of heuristic analysis in the Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the console tree, select Policies.
- Select the necessary policy and double-click to open the policy properties.
- In the policy window, select Essential Threat Protection → Web Threat Protection.
- In the Security level block, click the Settings button.
- In the window that opens, in the Scan methods block, select the Use heuristic analysis check box if you want the application to use heuristic analysis when scanning web traffic for viruses and other malware.
- Use the slider to set the heuristic analysis level: light scan, medium scan or deep scan.
When web traffic is scanned for viruses and other applications that present a threat, the heuristic analyzer performs instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level ensures a balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis.
- Save your changes.
How to enable or disable the use of heuristic analysis in the application interface
- In the main application window, click the button.
- In the application settings window, select Essential Threat Protection → Web Threat Protection.
- Click Advanced Settings.
- In the Scan methods block, select the Use heuristic analysis check box if you want the application to use heuristic analysis when scanning web traffic for viruses and other malware.
When web traffic is scanned for viruses and other applications that present a threat, the heuristic analyzer performs instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level ensures a balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis.
- Save your changes.
Page top