Web access protection
Web access protection scans HTTP (Hypertext Transfer Protocol) and HTTPS (encrypted communication) communication between web browsers and remote servers.
Access to web pages known to contain malicious content is blocked before the content is downloaded. All other web pages are scanned by the ThreatSense scanning engine when loaded and blocked if malicious content is detected. Web access protection offers two levels of protection, blocking by the blacklist and blocking by the content.
Enable Web access protection—Monitors HTTP and HTTPS communication between web browsers and remote servers. Enabled by default, we strongly recommend that Web access protection is enabled.
Excluded applications—Click edit to exclude communications for specific network-aware applications from protocol filtering.
Excluded IPs—Click edit to exclude IP addresses from protocol content filtering.
Web access protection supports following VPNs:
•Cisco AnyConnect VPN
•OpenVPN
•ProtonVPN
•PulseSecure
VPN is supported in default client configuration with routing setup without NAT. |
Currently Web access protection supports only HTTP proxy when it is explicitly configured in ESET Endpoint Antivirus for Linux. System and HTTPS proxies are not supported. |
URL address management
The URL address management enables you to specify URL addresses to block, allow or exclude from checking. Websites in the list of Blocked addresses are not accessible unless they are also included in the list of Allowed addresses. Websites in the list of Found malware is ignored addresses are accessed without being scanned for malicious code.
If you want to block all HTTP addresses except addresses present in the active list of Allowed addresses, add * to the active list of Blocked addresses.
You can use the special symbols "*" (asterisk) and "?" (question mark) when building addresses lists. The asterisk substitutes any character string, and the question mark substitutes any symbol.
Pay attention when specifying excluded addresses, because the list should only contain trusted and safe addresses. Similarly, ensure that the symbols * and ? are used correctly in this list.
To activate a list, select List active. If you want to be notified when entering an address from the current list, select Notify when applying. See URL address management for detailed information.
HTTPS traffic scanning
HTTPS traffic scanning enables you to check for threats in communication that use the SSL and TLS protocols. You can use different scanning modes to examine SSL-protected communication with trusted certificates, unknown certificates, or certificates excluded from SSL-protected communication checking. The program will only scan traffic on ports (443, 0–65535) defined in Ports used by the HTTPS protocol. See HTTPS traffic scanning for detailed information.
ThreatSense parameters
ThreatSense parameters enable you to configure settings for the web access protection, such as types of objects to scan, scan options, etc. See ThreatSense parameters for detailed information.