Web Threat Protection

for Windows, macOS, and Linux

The Web Threat Protection component prevents downloads of malicious files from the internet, and also blocks malicious and phishing websites. The component provides computer protection with the help of anti-virus databases, the Kaspersky Security Network cloud service, and heuristic analysis.

The Web Threat Protection component scans inbound HTTP, HTTPS, and FTP traffic, websites, and IP addresses.

Linux Web Threat Protection is disabled by default. Enabling Web Threat Protection may reduce the performance of installed third-party applications and the operating system. For details on configuring the application to enable Web Threat Protection on Linux devices, see the Technical Support Knowledge Base.

Web Threat Protection settings

Settings	OS	Description
Trusted web addresses	`Windows` `macOS` `Linux`	List of web addresses that the Web Threat Protection considers trusted. The component does not scan incoming and outgoing traffic from these addresses for threates. The list of trusted addresses can be used, for example, if the Web Threat Protection component interferes with downloading a file from a known website. You can add both the specific address and the address mask of a web page / website to the list of trusted web addresses. Kaspersky Endpoint Security supports the `*` and `?` characters when entering a mask.
Scan exclusions	`Windows`	A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats. Scan exclusions make it possible for the safe use of legitimate software that can be exploited by criminals to damage a computer or user data. Although they do not have any malicious functions, such applications can be exploited by intruders. For details on legitimate software that can be used by intruders to damage your computer or personal data, please refer to the Kaspersky IT Encyclopedia website. Kaspersky Endpoint Security supports the `*` and `?` characters when entering a mask.
Action on threat detection	`Windows` `macOS` `Linux`	Block. If this option is selected and an infected object is detected in web traffic, the Web Threat Protection component blocks access to the object and displays a message in the browser. Allow, inform, or prompt for action (depends on OS). `Windows` If this option is selected and an infected object is detected in web traffic, Kaspersky Endpoint Security allows this object to be downloaded to the computer, but adds information about the infected object to the list of active threats. `macOS` Kaspersky Endpoint Security displays a notification window with information about the type of malware that has infected the web traffic object and prompts the user to choose the action to be taken by Kaspersky Endpoint Security on this object. The available actions may vary depending on the status of the object. `Linux` Kaspersky Endpoint Security informs the user about the detection of an infected object in web traffic. Web Threat Protection allows this object to be downloaded to the device. At that, the application logs the information about the infected object and adds it to the list of active threats.

Settings

Description

Trusted web addresses

Windows

macOS

Linux

List of web addresses that the Web Threat Protection considers trusted. The component does not scan incoming and outgoing traffic from these addresses for threates. The list of trusted addresses can be used, for example, if the Web Threat Protection component interferes with downloading a file from a known website.

You can add both the specific address and the address mask of a web page / website to the list of trusted web addresses. Kaspersky Endpoint Security supports the * and ? characters when entering a mask.

Scan exclusions

Windows

A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats. Scan exclusions make it possible for the safe use of legitimate software that can be exploited by criminals to damage a computer or user data. Although they do not have any malicious functions, such applications can be exploited by intruders. For details on legitimate software that can be used by intruders to damage your computer or personal data, please refer to the Kaspersky IT Encyclopedia website.

Kaspersky Endpoint Security supports the * and ? characters when entering a mask.

Action on threat detection

Windows

macOS

Linux

Block. If this option is selected and an infected object is detected in web traffic, the Web Threat Protection component blocks access to the object and displays a message in the browser.

Allow, inform, or prompt for action (depends on OS).

Windows If this option is selected and an infected object is detected in web traffic, Kaspersky Endpoint Security allows this object to be downloaded to the computer, but adds information about the infected object to the list of active threats.

macOS Kaspersky Endpoint Security displays a notification window with information about the type of malware that has infected the web traffic object and prompts the user to choose the action to be taken by Kaspersky Endpoint Security on this object. The available actions may vary depending on the status of the object.

Linux Kaspersky Endpoint Security informs the user about the detection of an infected object in web traffic. Web Threat Protection allows this object to be downloaded to the device. At that, the application logs the information about the infected object and adds it to the list of active threats.

Page top