Monitoring user Internet activity

Kaspersky Endpoint Security lets you log data on user visits to all websites, including allowed websites. This enables you to obtain the complete history of browser views. Kaspersky Endpoint Security sends user activity events to Kaspersky Security Center, to the local log of Kaspersky Endpoint Security, and to the Windows Event log. To receive events in Kaspersky Security Center, you need to configure the settings of events in a policy in the Administration Console or Web Console. You can also configure the transmission of Web Control events by email and the display of on-screen notifications on the user's computer.

For HTTPS traffic monitoring, you need to enable encrypted connections scan.

Kaspersky Endpoint Security creates the following user Internet activity events:

• Block the website (Critical events status ).
• Visit to a non-recommended website (Warnings status ).
• Visit to an allowed website (Informational messages status ).

To configure logging of Web Control events on the user's computer:

1. In the main application window, click the Settings button.
2. In the application settings window, select General Settings → Interface.
3. In the Notifications section, click the Settings button.
4. In the opened window, select the Web Control section.

   This opens the table of Web Control events and notification methods.

5. Configure the notification method for each event: Save in local report or Save in Windows Event Log.

   To log allowed website visit events, you need to also configure Web Control (see the instructions below).

   In the events table, you can also enable an on-screen notification and an email notification. To send notifications by email, you need to configure the SMTP server settings. For more details about sending notifications by email, please refer to Kaspersky Security Center Help.

6. Save your changes.

As a result, Kaspersky Endpoint Security begins logging user Internet activity events.

Web Control sends user activity events to Kaspersky Security Center as follows:

• If you are using Kaspersky Security Center, Web Control sends events for all the objects that make up the web page. For this reason, multiple events may be created when one web page is blocked. For example, when blocking the web page http://www.example.com, Kaspersky Endpoint Security may relay events for the following objects: http://www.example.com, http://www.example.com/icon.ico, http://www.example.com/file.js, etc.
• If you are using the Kaspersky Security Center Cloud Console, Web Control groups events and sends only the protocol and domain of the website. For instance, if a user visits non-recommended web pages http://www.example.com/main, http://www.example.com/contact, and http://www.example.com/gallery, Kaspersky Endpoint Security will send only one event with the http://www.example.com object.

To enable logging of events for visiting allowed websites:

1. In the main application window, click the Settings button.
2. In the application settings window, select Security Controls → Web Control.
3. Click the Advanced settings button.
4. In the opened window, select the Log the opening of allowed pages check box.
5. Save your changes.

As a result, you will be able to view the full browser history.

Page top