Creating the list of trusted web addresses
In addition to malicious and phishing websites, Web Threat Protection can block other websites. For example, Web Threat Protection blocks HTTP traffic that does not satisfy RFC standards. You can create a list of URLs whose content you trust. The Web Threat Protection component does not analyze information from trusted web addresses to check them for viruses or other threats. This option may be useful, for example, if the Web Threat Protection component interferes with downloading a file from a known website.
A URL may be the address of a specific web page or the address of a website.
Trusted zones are grouped differently in the Administration Console (MMC) and the Web Console. Likewise, the way the trusted zone parameter changes are prevented is different (different "padlocks"). We recommend using only the Web Console to manage the application. If you configure the trusted zone in different consoles, the management plug-in may reset the "padlock" to its default state.
How to add a trusted web address using Administration Console (MMC)
- In the Kaspersky Security Center Administration Console tree, select Policies.
- Select the necessary policy and double-click to open the policy properties.
- In the policy window, select Essential Threat Protection → Web Threat Protection.
- In the Security level block, click the Settings button.
- In the window that opens, select the Trusted web addresses tab.
- Select the Do not scan web traffic from trusted web addresses check box.
If this option is selected, the Web Threat Protection component does not scan the content of web pages or websites whose addresses are included in the list of trusted web addresses. You can add both the specific address and the address mask of a web page/website to the list of trusted web addresses.
- Create a list of URLs / web pages whose content you trust.
Kaspersky Endpoint Security supports the * and ? characters when entering a mask.
You can also import a list of trusted web addresses from an XML file.
- Save your changes.
How to add a trusted web address in the Web Console and Cloud Console
- In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
- Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
- Select the Application settings tab.
- Go to Communication & Web Protection → Web Threat Protection.
- Click Trusted web addresses.
- Create a list of URLs / web pages whose content you trust.
Kaspersky Endpoint Security supports the * and ? characters when entering a mask.
You can also import a list of trusted web addresses from an XML file.
- Save your changes.
How to add a trusted web address in the application interface
- In the main application window, click the
button. - In the application settings window, select Essential Threat Protection → Web Threat Protection.
- Click Advanced settings.
- Select the Do not scan web traffic from trusted URLs check box.
If this option is selected, the Web Threat Protection component does not scan the content of web pages or websites whose addresses are included in the list of trusted web addresses. You can add both the specific address and the address mask of a web page/website to the list of trusted web addresses.
- Create a list of URLs / web pages whose content you trust.
Kaspersky Endpoint Security supports the * and ? characters when entering a mask.
You can also import a list of trusted web addresses from an XML file.
- Save your changes.
As a result, Web Threat Protection does not scan traffic of trusted web addresses. The user always can open a trusted website and download a file from that website. If you could not gain access to the website, check the settings of Encrypted connections scan, Web Control, and Network ports monitoring components. If Kaspersky Endpoint Security detects a file downloaded from a trusted website as malicious, you can add this file to exclusions.
You can also create a general list of exclusions for encrypted connections. In this case, Kaspersky Endpoint Security does not scan the HTTPS traffic of trusted web addresses when the Web Threat Protection, Mail Threat Protection, and Web Control components are doing their work.
Page top