Web Control

Web Control manages users' access to web resources. This helps reduce traffic and inappropriate use of work time. When a user tries to open a website that is restricted by Web Control, Kaspersky Endpoint Security will block access or show a warning (see the figure below).

Kaspersky Endpoint Security monitors only HTTP- and HTTPS traffic.

For HTTPS traffic monitoring, you need to enable encrypted connections scan.

Methods for managing access to websites

Web Control lets you configure access to websites by using the following methods:

You can simultaneously use multiple methods for regulating access to websites. For example, you can restrict access to the "Office files" data type just for the "Web-based email" website category.

Website access rules

Web Control manages users' access to websites by using access rules. You can configure the following advanced settings for a website access rule:

Access rule priorities

Each rule has a priority. The higher a rule is on the list, the higher its priority. If a website has been added to multiple rules, Web Control regulates access to the website based on the rule with the highest priority. For example, Kaspersky Endpoint Security may identify a corporate portal as a social network. To restrict access to social networks and provide access to the corporate web portal, create two rules: one block rule for the "Social networks" website category and one allow rule for the corporate web portal. The access rule for the corporate web portal must have a higher priority than the access rule for social networks.

Web Control messages

Web Control component settings

Parameter

Description

Rules of access to web resources

List containing web resource access rules. Each rule has a priority. The higher a rule is on the list, the higher its priority. If a website has been added to multiple rules, Web Control regulates access to the website based on the rule with the highest priority.

Default rule

The Default rule is a rule for accessing web resources that are not covered by any other rule. The following options are available:

  • Allow all except the rules list, also known as denylist mode for prohibited websites.
  • Deny everything except the rules list, also known as allowlist mode for allowed websites.

Message templates

  • Warning. The entry field consists of a template of the message that is displayed if a rule for warning about attempts to access an unwanted web resource is triggered.
  • Message about blocking. The entry field contains the template of the message that appears if a rule which blocks access to a web resource is triggered.
  • Message to administrator. The entry field contains the template of the message to be sent to the LAN administrator if the user considers the block to be a mistake.

Log the opening of allowed pages

Kaspersky Endpoint Security logs data on visits to all websites, including allowed websites. Kaspersky Endpoint Security sends events to Kaspersky Security Center, to the local log of Kaspersky Endpoint Security, and to the Windows Event log. To monitor user Internet activity, you need to configure the settings for saving events.

Monitoring user Internet activity may require more computer resources when decrypting HTTPS traffic.

See also: Managing the application via the local interface

Enabling and disabling Web Control

Actions with web resource access rules

Migrating web resource access rules from previous versions of the application

Exporting and importing the list of web resource addresses

Monitoring user Internet activity

Editing masks for web resource addresses

Editing templates of Web Control messages

Appendix 3. Web resource content categories

Page top