Filter by web resource content

To control access by web resource content, Web Control provides a category filter and a data type filter.

Websites are categorized according to the Kaspersky Security Network cloud service, heuristic analysis, and the database of known websites (included in application databases). For example, you can restrict user access to the Social networks category or to other categories.

You can restrict user access to a website based on data type, for example, to hide images. Kaspersky Endpoint Security determines the data type based on the file format and not based on its extension. Web Control distinguishes the following data types:

Video
Sound
Office applications files
Executable files
Archives
Graphics
Scripts

Kaspersky Endpoint Security does not scan files within archives. For example, if image files were placed in an archive, Kaspersky Endpoint Security identifies the Archives data type and not Graphics.

Rules may include a rule schedule and a list of users to which the rule applies. For example, you can restrict access to websites during working hours only, or allow visiting websites to users in certain groups.

How to enable a web resource content filter in Administration Console (MMC)

Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Security Controls → Web Control.
Select the Web Control check box.
In the Web Control settings block, click the Add button.
The Rule of access to web resources window opens.
Configure the web resource access rule:
1. In the Name field, enter the name of the rule.
2. In the Filter content drop-down list, select the relevant content filter:
  - By content categories. You can control user access to web resources by category (for example, the Social networks category).
  - By types of data. You can control user access to web resources based on the specific data type of its published data (for example, Graphics).
  - By content categories and types of data. Filters by content categories and types of data are enabled.
  After selecting the filters, configure filter parameters.
3. In the Apply to users drop-down list, select the relevant filter for users:
  - To all users. Web Control will not filter web resources by address.
  - To individual users or groups. Web Control will filter only web resource addresses from the list. You can enter a web address or use masks. You can also export a list of web resource addresses from a TXT file. You can select users in Active Directory, in the list of accounts in Kaspersky Security Center, or by entering a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts.
4. In the Action drop-down list, select an option:
  - Allow. Web Control allows access to web resources that match the parameters of the rule.
  - Block. Web Control blocks access to web resources that match the parameters of the rule and displays a website access denied message.
  - Warn. When the user attempts to gain access to a web resource that matches the rule, Web Control displays a warning that visiting the web resource is inadvisable. By using links from the warning message, the user can obtain access to the requested web resource.
5. In the Rule schedule drop-down list, select a schedule or create a new schedule.
Save your changes.

How to enable a web resource content filter in Web Console and Cloud Console

In the main window of the Web Console, select Devices → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Security Controls → Web Control.
Turn on the Web Control toggle.
In the Web Control Settings block, click the Add button.
Configure the web resource access rule:
1. In the Rule name field, enter the name of the rule.
2. Select the Active status for the web resource access rule.
  You can use the toggle to disable the web resource access rule at any time.
3. In the Actions block, select the relevant option:
  - Allow. Web Control allows access to web resources that match the parameters of the rule.
  - Block. Web Control blocks access to web resources that match the parameters of the rule and displays a website access denied message.
  - Warn. When the user attempts to gain access to a web resource that matches the rule, Web Control displays a warning that visiting the web resource is inadvisable. By using links from the warning message, the user can obtain access to the requested web resource.
4. In the Content of the filter block, select the relevant content filter:
  - By content categories. You can control user access to web resources by category (for example, the Social networks category).
  - By types of data. You can control user access to web resources based on the specific data type of its published data (for example, Graphics).
  After selecting the filters, configure filter parameters.
5. In the Users block, select the relevant filter for users:
  - Apply to all users. Web Control will not filter web resources by address.
  - Apply to individual users and / or groups. Web Control will filter only web resource addresses from the list. You can enter a web address or use masks. You can also export a list of web resource addresses from a TXT file. You can select users in Active Directory, in the list of accounts in Kaspersky Security Center, or by entering a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts.
6. In the Rule schedule block, select a schedule or create a new schedule.
Save your changes.

How to enable a web resource content filter in the application interface

In the main application window, click the button.
In the application settings window, select Security Controls → Web Control.

Web Control settings
In the Settings block, click the Rules of access to web resources button.
In the window that opens, click the Add button.
The Rule of access to web resources window opens.
In the Rule name field, enter the name of the rule.
Select the On status for the web resource access rule.
You can use the toggle to disable the web resource access rule at any time.
In the Action block, select the relevant option:
- Allow. Web Control allows access to web resources that match the parameters of the rule.
- Block. Web Control blocks access to web resources that match the parameters of the rule and displays a website access denied message.
- Warn. When the user attempts to gain access to a web resource that matches the rule, Web Control displays a warning that visiting the web resource is inadvisable. By using links from the warning message, the user can obtain access to the requested web resource.
In the Content of the filter block, select the relevant content filter:
- By content categories. You can control user access to web resources by category (for example, the Social networks category).
- By types of data. You can control user access to web resources based on the specific data type of its published data (for example, Graphics).
To configure the content filter:
1. Click the Settings link.
2. Select the check boxes next to the names of the required categories of content and/or data types.
  Selecting the check box next to the name of a content category and/or data type means that Kaspersky Endpoint Security applies the rule to control access to web resources that belong to the selected categories of content and/or data types.
3. Return to the window for configuring the web resource access rule.
In the Users block, select the relevant filter for users:
- To all users. Web Control will not filter web resources by address.
- To individual users and / or groups. Web Control will filter only web resource addresses from the list. You can enter a web address or use masks. You can also export a list of web resource addresses from a TXT file. You can select users in Active Directory, in the list of accounts in Kaspersky Security Center, or by entering a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts. To create a list of users to whom you want to apply the rule:
  1. Click Add.
  2. In the window that opens, select the users or groups of users to which you want to apply the web resource access rule.
  3. Return to the window for configuring the web resource access rule.
In the Rule schedule drop-down list, select the name of the necessary schedule or generate a new schedule based on the selected rule schedule. To do so:
1. Click Edit or add new.
2. In the window that opens, click the Add button.
3. In the window that opens, enter the rule schedule name.
4. Configure the web resource access schedule for users.
5. Return to the window for configuring the web resource access rule.
Save your changes.

As a result, the new Web Control rule is added to the list. If necessary, change the priority of the Web Control rule. You can also use the toggle switch to disable the web resource access rule at any time without removing it from the list.

Page top