Web Control
Web Control manages users' access to web resources. This helps reduce traffic and inappropriate use of work time. When a user tries to open a website that is restricted by Web Control, Kaspersky Endpoint Security will block access or show a warning (see the figure below).
Kaspersky Endpoint Security monitors only HTTP- and HTTPS traffic.
For HTTPS traffic monitoring, you need to enable encrypted connections scan.
Methods for managing access to websites
Web Control lets you configure access to websites by using the following methods:
- Website category. Websites are categorized according to the Kaspersky Security Network cloud service, heuristic analysis, and the database of known websites (included in application databases). You can restrict users' access, for example, to the "Social networks" category or to other categories.
- Data type. You can restrict users' access to data on a website, and hide graphic images, for example. Kaspersky Endpoint Security determines the data type based on the file format and not based on its extension.
Kaspersky Endpoint Security does not scan files within archives. For example, if image files were placed in an archive, Kaspersky Endpoint Security identifies the "Archives" data type and not "Graphic files".
- Individual address. You can enter a web address or use masks.
You can simultaneously use multiple methods for regulating access to websites. For example, you can restrict access to the "Office files" data type just for the "Web-based email" website category.
Website access rules
Web Control manages users' access to websites by using access rules. You can configure the following advanced settings for a website access rule:
- Users to which the rule applies.
For example, you can restrict Internet access through a browser for all users of the company except the IT department.
- Rule schedule.
For example, you can restrict Internet access through a browser during working hours only.
Access rule priorities
Each rule has a priority. The higher a rule is on the list, the higher its priority. If a website has been added to multiple rules, Web Control regulates access to the website based on the rule with the highest priority. For example, Kaspersky Endpoint Security may identify a corporate portal as a social network. To restrict access to social networks and provide access to the corporate web portal, create two rules: one block rule for the "Social networks" website category and one allow rule for the corporate web portal. The access rule for the corporate web portal must have a higher priority than the access rule for social networks.
Web Control messages
Web Control component settings
Parameter |
Description |
|---|---|
Rule List |
List containing web resource access rules. Each rule has a priority. The higher a rule is on the list, the higher its priority. If a website has been added to multiple rules, Web Control regulates access to the website based on the rule with the highest priority. |
Default rule |
The Default rule is a rule for accessing web resources that are not covered by any other rule. The following options are available:
|
Message templates |
|
Log the opening of allowed pages |
Kaspersky Endpoint Security logs data on visits to all websites, including allowed websites. Kaspersky Endpoint Security sends events to Kaspersky Security Center, to the local log of Kaspersky Endpoint Security, and to the Windows Event log. To monitor user Internet activity, you need to configure the settings for saving events. Monitoring user Internet activity may require more computer resources when decrypting HTTPS traffic. |