By default, on detection of an infected object in web traffic, the Web Threat Protection component blocks access to the object and displays a notification about the action.
To change the action to take on malicious web traffic objects:
If this option is selected, on detecting an infected object in web traffic, the Web Threat Protection component blocks access to the object, displays a notification about the blocked access attempt, and makes a log entry with information about the infected object.
If this option is selected and an infected object is detected in the web traffic, the Web Threat Protection component allows this object to be downloaded to the computer; Kaspersky Endpoint Security logs an event containing information about the infected object and adds information about the infected object to the list of active threats.