Web Control report

The Web Control report contains information about attempts by users or applications installed on protected virtual machines to access dangerous or inadvisable web addresses that belong to the web address categories selected for detection.

The Period field displays the period of time covered by the data included in the report. By default, the report contains for the last 30 days, including the report generation date.

It contains the following consolidated information:

• Result. The result of the action taken by Kaspersky Security when it detects an attempt to access a dangerous or undesirable web address.
• Rule. The network rule applied by the application when it takes action in response to a detected attempt to access a dangerous or undesirable web address. Possible values for Kaspersky Security:
  • Kaspersky Security for Virtualization Agentless: Attempt to access a malicious web address
  • Kaspersky Security for Virtualization Agentless: Attempt to access a phishing web address
  • Kaspersky Security for Virtualization Agentless: Attempt to access an advertising web address
  • Kaspersky Security for Virtualization Agentless: Attempt to access a web address from the "Other" category
• Attempts. Number of attempts to access a dangerous or undesirable web address.
• User accounts. The number of protected virtual machines from which attempts were made to access a dangerous or undesirable web address.
• Web address. The number of dangerous or undesirable web addresses for which access attempts were detected.
• Devices. The number of protected virtual machines from which attempts were made to access a dangerous or undesirable web address.
• Administration groups. Kaspersky Security always displays 1 in this field, because all protected virtual machines are assigned to one "pseudohosts" conditional group. The "pseudohosts" group does not belong to administration groups and is not displayed in the Kaspersky Security Center Administration Console. Protected virtual machines cannot belong to administration groups, because they are not considered as client devices of Kaspersky Security Center.
• First attempt. The date and time of the first attempt to access a dangerous or undesirable web address.
• Last attempt. The date and time of the last attempt to access a dangerous or undesirable web address.

  The row below contains the following consolidated information:

  • Rules. The number of network rules that determine which action the application takes when it detects an attempt to access a dangerous or undesirable web address. For Kaspersky Security, the value in this field is: 4.
  • Blocked attempts. The number of attempts to access dangerous or undesirable web addresses blocked by Kaspersky Security.
  • Warnings. The number of attempts to access dangerous or undesirable web addresses that were allowed according to the application settings.
  • Blocked web addresses. The number of dangerous or undesirable web addresses that were blocked by Kaspersky Security.
  • Web addresses with warnings. The number of dangerous or undesirable web addresses that were allowed to be accessed according to the application settings.
  • Blocked users. The number of protected virtual machines from which attempts were made to access blocked web addresses.
  • Warned users. The number of protected virtual machines for which Kaspersky Security allowed access to dangerous or undesirable web addresses.
  • First blocked attempt. The date and time of the first attempt to access a dangerous or undesirable web address that was blocked by Kaspersky Security.
  • Last blocked attempt. The date and time of the last attempt to access a dangerous or undesirable web address that was blocked by Kaspersky Security.
  • First warning. The date and time of the first attempt to access a dangerous or undesirable web address that was allowed according to the application settings.
  • Last warning. The date and time of the last attempt to access a dangerous or undesirable web address that was allowed according to the application settings.

The report contains the following detailed information for each attempt to access a dangerous or undesirable web address:

• Result. The result of the action taken by Kaspersky Security when it detects an attempt to access a dangerous or undesirable web address.
• Rule. The network rule applied by the application when it takes action in response to a detected attempt to access a dangerous or undesirable web address. Possible values for Kaspersky Security:
  • Kaspersky Security for Virtualization Agentless: Attempt to access a malicious web address
  • Kaspersky Security for Virtualization Agentless: Attempt to access a phishing web address
  • Kaspersky Security for Virtualization Agentless: Attempt to access an advertising web address
  • Kaspersky Security for Virtualization Agentless: Attempt to access a web address from the "Other" category
• User account. The IP address of the protected virtual machine from which an attempt was made to access a dangerous or undesirable web address.
• Web address. The dangerous or undesirable web address for which an access attempt was detected.
• Time. The date and time when an attempt to access a dangerous or undesirable web address was detected.
• Group. Kaspersky Security always displays pseudohosts in this field, because all protected virtual machines are assigned to one "pseudohosts" conditional group. The "pseudohosts" group does not belong to administration groups and is not displayed in the Kaspersky Security Center Administration Console. Protected virtual machines cannot belong to administration groups, because they are not considered as client devices of Kaspersky Security Center.
• Device. The name of the protected virtual machine from which an attempt was made to access a dangerous or undesirable web address, and the path to the virtual machine in the virtual infrastructure.
• Version number. The version number of the Kaspersky Security Network Threat Protection component that detected the attempt to access a dangerous or undesirable web address.
• Last visible on the network. The date and time of the last event associated with the protected virtual machine from which an attempt was made to access a dangerous or undesirable web address.
• IP address. The IP address of the protected virtual machine from which an attempt was made to access a dangerous or undesirable web address.
• NetBIOS name, DNS name. The name of the protected virtual machine from which an attempt was made to access a dangerous or undesirable web address, and the path to the virtual machine in the virtual infrastructure.
• As rated by KSN. The information about whether the attempt to access a dangerous or undesirable web address was detected using KSN. Possible values: Yes or No.

Page top