By default, the Web Threat Protection component is enabled and runs in the mode recommended by Kaspersky experts. For Web Threat Protection, Kaspersky Endpoint Security can apply different groups of settings. These groups of settings that are stored in the application are called security levels: High, Recommended, Low. The Recommended web traffic security level settings are considered to be the optimal settings recommended by Kaspersky experts (see the table below). You can select one of the pre-installed security levels for web traffic that is received or transmitted via the HTTP and FTP protocols, or configure a custom web traffic security level. If you change the web traffic security level settings, you can always revert to the recommended web traffic security level settings.
You can select or configure the security level only in Administration Console (MMC) or the local interface of the application. You cannot select or configure the security level in Web Console or Cloud Console.
Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Essential Threat Protection → Web Threat Protection.
Use the Web Threat Protection check box to enable or disable the component.
If you enabled the component, do one of the following in the Security level block:
If you want to apply one of the preset security levels, select it with the slider:
High. The security level under which the Web Threat Protection component performs maximum scanning of web traffic that the computer receives over the HTTP and FTP protocols. Web Threat Protection performs detailed scanning of all web traffic objects by using the full set of application databases, and performs the deepest possible heuristic analysis.
The technology was developed for detecting threats that cannot be detected by using the current version of Kaspersky application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.
Recommended. The security level that provides the optimal balance between the performance of Kaspersky Endpoint Security and the security of web traffic. The Web Threat Protection component performs heuristic analysis at the medium scan level. This web traffic security level is recommended by Kaspersky specialists. The values of settings for the recommended security level are provided in the table below.
Low. The settings of this web traffic security level ensure the maximum web traffic scanning speed. The Web Threat Protection component performs heuristic analysis at the medium scan level.
If you want to configure a custom security level, click the Settings button and define your own component settings.
You can restore the values of preset security levels by clicking the Default button under Security level.
In the Action on threat detection block, select the action that Kaspersky Endpoint Security performs on malicious web traffic objects:
Block download. If this option is selected and an infected object is detected in web traffic, the Web Threat Protection component blocks access to the object and displays a message in the browser.
Inform. If this option is selected and an infected object is detected in web traffic, Kaspersky Endpoint Security allows this object to be downloaded to the computer but adds information about the infected object to the list of active threats.
In the main window of the Web Console, select Devices → Policies & Profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Essential Threat Protection → Web Threat Protection.
Use the Web Threat Protection toggle to enable or disable the component.
In the Action on threat detection block, select the action that Kaspersky Endpoint Security performs on malicious web traffic objects:
Block download. If this option is selected and an infected object is detected in web traffic, the Web Threat Protection component blocks access to the object and displays a message in the browser.
Inform. If this option is selected and an infected object is detected in web traffic, Kaspersky Endpoint Security allows this object to be downloaded to the computer but adds information about the infected object to the list of active threats.
In the application settings window, select Essential Threat Protection → Web Threat Protection.
Use the Web Threat Protection toggle to enable or disable the component.
If you enabled the component, do one of the following in the Security level block:
If you want to apply one of the preset security levels, select it with the slider:
High. The security level under which the Web Threat Protection component performs maximum scanning of web traffic that the computer receives over the HTTP and FTP protocols. Web Threat Protection performs detailed scanning of all web traffic objects by using the full set of application databases, and performs the deepest possible heuristic analysis.
Recommended. The security level that provides the optimal balance between the performance of Kaspersky Endpoint Security and the security of web traffic. The Web Threat Protection component performs heuristic analysis at the medium scan level. This web traffic security level is recommended by Kaspersky specialists. The values of settings for the recommended security level are provided in the table below.
Low. The settings of this web traffic security level ensure the maximum web traffic scanning speed. The Web Threat Protection component performs heuristic analysis at the medium scan level.
If you want to configure a custom security level, click the Advanced Settings button and define your own component settings.
You can restore the values of preset security levels by clicking the Restore recommended security level button in the upper part of the window.
In the Action on threat detection block, select the action that Kaspersky Endpoint Security performs on malicious web traffic objects:
Block download. If this option is selected and an infected object is detected in web traffic, the Web Threat Protection component blocks access to the object and displays a message in the browser.
Inform. If this option is selected and an infected object is detected in web traffic, Kaspersky Endpoint Security allows this object to be downloaded to the computer but adds information about the infected object to the list of active threats.
Save your changes.
Web Threat Protection settings recommended by Kaspersky experts (recommended security level)
Parameter
Value
Description
Check the web address against the database of malicious web addresses
On
Scanning the links to determine whether they are included in the database of malicious web addresses allows you to track websites that have been added to denylist. The database of malicious web addresses is maintained by Kaspersky, included in the application installation package, and updated during Kaspersky Endpoint Security database updates.
Check the web address against the database of phishing web addresses
On
The database of phishing web addresses includes the web addresses of currently known websites that are used to launch phishing attacks. Kaspersky supplements this database of phishing links with addresses obtained from the international organization known as the Anti-Phishing Working Group. The database of phishing addresses is included in the application installation package and supplemented with Kaspersky Endpoint Security database updates.
Use Heuristic Analysis (Web Threat Protection)
Medium scan
The technology was developed for detecting threats that cannot be detected by using the current version of Kaspersky application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.
When web traffic is scanned for viruses and other applications that present a threat, the heuristic analyzer performs instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level ensures a balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis.
Use Heuristic Analysis (Anti-Phishing)
On
The technology was developed for detecting threats that cannot be detected by using the current version of Kaspersky application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.
Action on threat detection
Block download
If this option is selected and an infected object is detected in web traffic, the Web Threat Protection component blocks access to the object and displays a message in the browser.