Web Threat Protection

The Web Threat Protection component allows you to scan inbound traffic via HTTP, HTTPS, and FTP, websites, and IP addresses, prevent malicious files from being downloaded from the Internet, and block access to phishing, adware, and other malicious websites.

Current connections for intercepted TCP ports are reset when Network Threat Protection is enabled.

By default, the Web Threat Protection task is disabled. However, it is enabled automatically if local management of Web Threat Protection settings has been allowed on the device (the policy is not applied or is not "locked") and one of the following executable files of browsers, including in snap format, has been detected on the system:

• chrome
• chromium
• chromium-browser
• firefox
• firefox-esr
• google-chrome
• opera
• yandex-browser

You can enable or disable Web Threat Protection, and also configure the protection settings:

• Select action that the application performs on a web resource where a dangerous object is detected.
• Configure a list of trusted web addresses. The application will not scan the contents of websites whose web addresses are included in this list.
• Select objects that the application will detect when scanning inbound traffic.
• Configure the encrypted connections scan to scan HTTPS traffic.

  To scan FTP traffic, control of all network ports must be configured in the settings for the encrypted connections scan.

When a website is opened, the application performs the following actions:

1. Checks the website security using the downloaded application databases.
2. Checks the website security using heuristic analysis, if enabled.

   During heuristic analysis, Kaspersky Industrial CyberSecurity for Linux Nodes analyzes the activity of applications in the operating system. Heuristic analysis can detect dangerous objects for which there are currently no records in the Kaspersky Industrial CyberSecurity for Linux Nodes databases.

3. Checks the trustworthiness of a website using Kaspersky reputation databases if the use of Kaspersky Security Network is enabled.

   You are advised to enable the use of Kaspersky Security Network to help Web Threat Protection work more effectively.

4. Blocks or allows opening of the website.

On attempt to open a dangerous website, the application performs the following:

• For HTTP or FTP traffic, the application blocks access and shows a warning message.
• For HTTPS traffic, a browser displays an error page.

Removing application certificates may cause the Web Threat Protection component to work incorrectly.

Kaspersky Industrial CyberSecurity for Linux Nodes adds a special chain of allowing rules (kics_bypass) to the list of the mangle table of the iptables and ip6tables utilities. This chain of allowing rules allows excluding traffic from scanning by the application. If traffic exclusion rules are configured in the chain, they affect the operation of the Web Threat Protection component.

In this Help section Configuring Web Threat Protection in the Web Console Configuring Web Threat Protection in the Administration Console Configuring Web Threat Protection in the command line

Page top