Kaspersky Security for Virtualization 5.2 Light Agent
5.2
English

Contents

Web Control

The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop operating system.

Web Control allows controlling actions by LAN users, by restricting or blocking access to web resources. A web resource is an individual web page or several web pages, or a website or several websites that have a common feature.

Web Control can monitor the web resources, which are accessed through secure connections.

Web Control provides the following features:

  • Saving traffic.

    Traffic is controlled by restricting or blocking downloads of multimedia files, or by restricting or blocking access to web resources that are unrelated to users' job responsibilities.

  • Differentiation of access by content categories of web resources.

    To save traffic and reduce potential losses from the misuse of employee time, you can restrict or block access to specified categories of web resources (for example, block access to sites that belong to the "News media" category).

  • Centralized control of access to web resources.

    When using Kaspersky Security Center, personal and group settings of access to web resources are available.

All restrictions and blocks that are applied to access to web resources are implemented as web resource access rules.

This section describes how to configure Web Control settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the Web Control settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application SettingsEndpoint controlWeb Control).

In this Help section

About web resource access rules

Web resource content categories

Enabling and disabling Web Control

Actions with web resource access rules

Rules for creating masks for web resource addresses

Exporting and importing the list of web resource addresses

Editing templates of Web Control messages
Page top
[Topic 65749]

About web resource access rules

A web resource access rule is a set of filters and actions that Kaspersky Security performs when the user visits web resources that are described in the rule during the time span that is indicated in the rule schedule. Filters allow you to precisely specify a pool of web resources to which access is controlled by the Web Control component.

The application provides the following filters:

  • Filter by content. Web Control categorizes web resources by content and data type. You can control user access to web resources with content and data types of certain categories. When the users visit web resources that belong to the selected content category and / or data type category, Kaspersky Security performs the action that is specified in the rule.
  • Filter by web resource addresses. You can control user access to all web resource addresses or to individual web resource addresses and / or groups of web resource addresses.

    If filtering by content and filtering by web resource addresses are specified, and the specified web resource addresses and / or groups of web resource addresses belong to the selected content categories or data type categories, Kaspersky Security does not control access to all web resources in the selected content categories and / or data type categories. Instead, the application controls access only to the specified web resource addresses and / or groups of web resource addresses.

  • Filter by names of users and user groups. You can specify the names of users and / or groups of users for which access to web resources is controlled according to the rule.
  • Rule schedule. You can specify the rule schedule. The rule schedule determines the time span during which Kaspersky Security monitors access to web resources covered by the rule.

After Kaspersky Security is installed, the following web resource access rules are created by default:

  • Scripts and stylesheets. The rule grants all users access at all times to web resources whose addresses contain the names of files with the css, js, or vbs extensions. For example: http://www.example.com/style.css, http://www.example.com/style.css?mode=normal.
  • Default rule. The rule grants all users access to any web resources at any time.
Page top
[Topic 65752]

Web resource content categories

To restrict access of virtual machine users to web resources, the web resource content categories listed below can be used.

The order of the listed categories does not reflect their relative significance or occurrence on the Internet. The names of the categories are conventional and used only for in Kaspersky applications and websites. The names do not necessarily correspond to the meanings assigned to them under applicable law. One web resource may belong to several categories at a time.

Adult content

The category includes web resources related to the sexual side of human relationship. It can be content of any format and type.

  • Pornography, erotic – web resources containing any photo or video materials depicting genitals of humans or humanoid creatures, acts of sexual intercourse or self-stimulation performed by human beings or humanoid creatures. This category also included web resources containing any text materials, including literary or artistic materials, describing genitals of humans or humanoid creatures, acts of sexual intercourse or self-stimulation performed by human beings or humanoid creatures. In addition, the category included web resources containing erotic materials, works that provide a realistic portrayal of sexual behavior of humans, or works of art designed to stimulate sexual arousal.
  • Nudism – web resources dedicated to nudism: community sites, special places for recreation, photo hosting related to nudism, as well as sites containing relevant images.
  • Lingerie – web resources that sell underwear, as well as sites for exhibitions, shows in underwear, erotic content showing people in the underwear.
  • Sex education – web resources that contain:
    • Articles and blogs covering sex education with both scientific and popular themes.
    • Medical encyclopedias, specifically their sections about sexual reproduction.
    • Resources of medical institutions, specifically their sections covering treatment of sexual organs.
  • Adult dating – web resources that offer dating services, including those with a sexual connotation.
  • LGBT+ – web resources that contain information about LGBT. These can be encyclopedias, forums, websites of the corresponding associations. Any information of any site on this subject.
  • Sex shops – web resources of intimate shops, containing descriptions of these shops, and more.
  • Abortion – web resources containing information about abortion, including on the websites of medical institutions.

Software, audio, video

This category includes web resources where users can download software packages:

  • Web resources distributing audio and video materials: movies, recordings of sports broadcasts, recordings of concerts, songs, movie clips, videos, tutorial audio and video recordings, etc.
  • Torrent trackers and file sharing websites irrespective of the physical location of files being distributed.

Alcohol, tobacco, drugs

The category includes web resources that mention alcohol, drugs, any form of tobacco, including advertising, historical, medical and educational resources, as well as web resources where devices for the use of these substances are described or sold.

  • Drugs – web resources, containing materials related to drug products, in particular, dedicated to the sale, advertising, description, historical and medical facts about drugs.
  • Alcohol – web resources, containing materials related to alcohol and alcohol-containing products, in particular, dedicated to the sale, advertising, description, historical and medical facts alcohol.
  • Tobacco – web resources, containing materials related to tobacco products, in particular, dedicated to the sale, advertising, description, historical and medical facts about tobacco.

Violence

This category includes web resources containing photo, video or text materials describing acts of physical or psychological violence directed against human beings, or cruel treatment of animals. Works of art can be excluded from this category.

Weapons, explosives, pyrotechnics

This category includes web resources with information about weapons, explosives, and pyrotechnical products.

The term "weapons" means appliances, items, and means designed to harm the life or health of humans and animals and/or damage equipment and structures.

Profanity

This category includes web resources where profane language has been detected.

This category also includes web resources with linguistic and philological materials containing profanity as the subject of study.

Gambling, lotteries, sweepstakes

This category includes web resources containing:

  • Gambling in which participants are required to make monetary contributions.
  • Sweepstakes that involve betting with money.
  • Lotteries that involve purchasing lottery tickets or numbers.

Internet communication

This category includes web resources that enable users (whether registered or not) to send personal messages to other users.

  • Web mail – exclusively login pages of an email service and mailbox pages containing emails and associated data (such as personal contacts). This category is not assigned to other web pages of an Internet service provider that also offers email service.
  • Social networks – websites designed for building, displaying, and managing contacts between persons, organizations, and governments, which require registration of a user account as a condition of participation.
  • Chats, forums, IM – web-chats as well as web resources designed to distribute or support instant messaging applications that enable real-time communication. Forums – special web services for public discussion of various topics where the correspondence is saved.
  • Blogs – web resources designed for public discussion of various topics using special web applications, including blog platforms (websites that provide paid or free services for creating and maintaining blogs).
  • Dating sites – online dating resources that offer dating services, including without sexual connotation.

Online stores, banks, payment systems

This category includes web resources designed for any online transactions in non-cash monetary funds using special-purpose web applications. It also includes web resources that help you rent, rent, buy or sell real estate.

  • Online stores – online shops and auctions selling any goods, work or services to individuals and/or legal entities, including websites of stores that conduct sales exclusively online and online profiles of physical stores that accept online payments.
  • Banks – web resources of banks.
  • Payment systems – this category includes the following web pages:
    • Specialized web pages of banks with online banking functionality, including wire (electronic) transfers between bank accounts, making bank deposits, performing currency conversion, paying for third-party services, etc.
    • Web pages of e-money systems that provide access to the user's personal account.
  • Cryptocurrencies, mining – websites offering services for buying and selling cryptocurrency as well as informational services concerning cryptocurrencies and mining.

Job search

This category includes web resources designed to bring together employers and job seekers. They include:

  • Websites of recruitment agencies (employment agencies and/or headhunting agencies).
  • Websites of employers with descriptions of available job openings and their advantages.
  • Independent portals with offers of employment from employers and recruitment agencies.
  • Professional social networks that, among all else, make it possible to publish or find information about specialists who are not actively searching for employment.

Anonymizers

The category includes web resources that act as an intermediary for downloading content from other web resources using special web applications for:

  • Bypassing restrictions imposed by a LAN administrator on access to web addresses or IP addresses.
  • Anonymously accessing web resources, including web resources that specifically reject HTTP requests from certain IP addresses or their groups (for example, IP addresses grouped by country of origin).

Computer games

The category includes web resources dedicated to various types of computer games, as well as gaming communities and services.

Religions, religious associations

This category includes web resources with materials on public movements, associations, and organizations with a religious ideology and/or cult in any manifestations.

News media

News portals of any subject including social news, news aggregators, rss mailings.

Ads

This category includes web resources with banners. Advertising information on banners may distract users from their activities, while banner downloads increase the amount of traffic.

Page top
[Topic 76905]

Enabling and disabling Web Control

By default, Web Control is enabled. You can disable Web Control, if necessary.

To enable or disable Web Control in Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Web Control section in the list on the left.
  6. In the right part of the window, do one of the following:
    • If you want to enable Web Control component, select the Web Control check box.
    • If you want to disable Web Control component, clear the Web Control check box.
  7. Click the Apply button.

In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:

To enable or disable Web Control on the Protection and Control tab of the main application window:

  1. On the protected virtual machine, open the main application window.
  2. Select the Protection and Control tab.
  3. Open the Endpoint control section.
  4. Open the context menu of the Web Control item and perform one of the following actions:
    • To enable Web Control, select Enable in the menu.
    • To disable Web Control, select Disable in the menu.

    If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.

To enable or disable Web Control from the application settings window:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

    If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.

  3. Do one of the following:
    • If you want to enable Web Control component, select the Enable Web Control check box.
    • If you want to disable Web Control component, clear the Enable Web Control check box.
  4. To save changes, click the Save button.
Page top
[Topic 65751][Topic 65753]

Creating and editing a web resource access rule

To add or edit the web resource access rule in Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Web Control section in the list on the left.
  6. In the right part of the window, do one of the following:
    • To create a new rule, click the Add button.
    • If you want to edit the rule, select it in the list of rules and click the Edit button.
  7. In the Web resource access rule window that opens, in the Name field, enter or edit the name of the rule.
  8. From the Filter content drop-down list, select the required option:
    • Any content.
    • By content categories.
    • By types of data.
    • By content categories and types of data.

    If an option other than Any content is selected, a section for selecting content categories and / or data type categories opens. Select the check boxes next to the names of the necessary content categories and/or data type categories.

    Selecting the check box next to the name of a content category and/or data type category means that the application applies the rule to control access to web resources that belong to the selected content categories and/or data type categories.

  9. From the Apply to addresses drop-down list, select the required option:
    • To all addresses.
    • To individual addresses.

    If the To individual addresses option is selected, a section opens where you create a list of web resources. You can create and edit the list of web resources by using the Add, Edit, and Delete buttons. To create a list of web resource addresses, you can also use web resource address masks.

    After creating a list of web resource addresses, you can export it to file so you can later import this list from file.

  10. Select the Specify users and/or groups check box and click the Select button.

    The standard Select Users or Groups window in Microsoft Windows opens.

  11. Define or edit the list of users and/or groups of users for whom access to the web resources described by the rule is allowed or restricted, and click OK.
  12. In the Action drop-down list, select the necessary item:
    • Allow. If this value is selected, the application allows access to web resources that match the settings of the rule.
    • Block. If this value is selected, the application blocks access to web resources that match the settings of the rule.
    • Warn. If this value is selected, the application displays a message to warn that a web resource is unwanted when the user attempts to access web resources that match the settings of the rule. By using links from the warning message, the user can obtain access to the requested web resource.
  13. In the Rule schedule drop-down list that opens, select the name of the necessary schedule or create a new schedule that is based on the selected rule schedule. To do this, perform the following actions:
    1. Click the Settings button next to the Rule schedule drop-down list.
    2. To supplement the rule schedule with a time interval, during which the rule does not apply, in the Rule schedule window that opens, in the table that shows the rule schedule, click the table cells that correspond to the time and day of the week that you want to select.

      The color of the cells turns gray.

    3. To substitute a time span during which the rule applies with a time span during which the rule does not apply, click the gray cells in the table which correspond to the time and day of the week that you want to select.

      The color of the cells turns green.

    4. If you are creating a rule schedule that is based on the schedule of the Always rule that is created by default, click OK or Save as. If you are creating a rule schedule based on the schedule of a rule that was not created by default, click Save as.
    5. In the Rule schedule name window that opens, enter the name of the rule schedule or leave the default name.
    6. Click OK in the Rule schedule name window.
  14. In the Web resource access rule window, click OK.
  15. Click the Apply button.

To add or edit the web resource access rule in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. Complete steps 6–14 of the previous instructions.
  4. To save changes, click the Save button.
Page top
[Topic 65754]

Changing the priority web resource access rules

The priority of a rule is defined by its position in the Access rules sorted by priority table in the Web Control settings window. The first rule in the table has the highest priority.

If the web resource that the virtual machine user attempts to access matches the parameters of several rules, the application performs an action according to the rule with the highest priority.

You can raise or lower the priority of any web resource access rule except for the "Default rule", which always has the lowest priority and is located at the end of the list of rules.

To change the priority of a web resource access rule in Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Web Control section in the list on the left.
  6. In the right part of the window, in the Access rules sorted by priority table, select the rule whose priority you want to change, and use the Move up and Move down buttons to move the rule to the necessary position.
  7. Click the Apply button.

To change the priority of a web resource access rule in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. In the Access rules sorted by priority table, select the rule whose priority you want to change, and use the Move up and Move down buttons to move the rule to the necessary position.
  4. To save changes, click the Save button.
Page top
[Topic 65755]

Testing web resource access rules

In the local interface, you can check the consistency of rules by using the Rules diagnostics function.

To test the web resource access rules:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

  3. In the lower part of the window, click the Diagnostics button.

    The Rules diagnostics window opens.

  4. Fill in the fields in the Conditions section:
    1. If you want to test the rules that the application uses to control access to a specific web resource, select the Specify address check box. Enter the address of the web resource in the field below.
    2. If you want to test the rules that the application uses to control access to web resources for specific users or groups of users, specify the user name or user group name. To do this, perform the following actions:
      1. Select the Specify users and/or groups check box and click the Select button.

        The standard Select Users or Groups window in Microsoft Windows opens.

      2. In the Select Users or Groups window in Microsoft Windows, specify the relevant user or user group and click OK.
    3. If you want to test the rules that the application uses to control access to web resources of specified content categories and/or data type categories, from the Filter content drop-down list, select the required option (By content categories, By types of data, or By content categories and types of data), and select check boxes next to the names of the relevant content categories and/or categories of data types.
    4. If you want to test the rules with account of the time and day of the week when an attempt is made to access the web resource(s) that are specified in the rule diagnostics conditions, select the Include time of access attempt check box. Specify the day of the week and time on the right.
  5. Click the Validate button.

A completed rule test is followed by a message with information about the action that is taken by the application, according to the first rule that is triggered on the attempt to access the specified web resource(s) (allow, block, or warn). All triggered rules are tested next.

Test completion is followed by a message on the right of the Validate button with information about the action that is taken by the application, according to the first rule that is triggered on the attempt to access the specified web resource(s). The first rule to be triggered is the one with a rank on the list of Web Control rules which is higher than that of other rules meeting the diagnostics conditions. The table in the lower part of the Rules diagnostics window lists the remaining triggered rules, specifying the action taken by the application. The rules are listed in the order of declining priority.

Page top
[Topic 65756]

Enabling and disabling a web resource access rule

All predefined web resource access rules have the Enabled status. If a web resource access rule is enabled, Web Control applies this rule.

A new web resource access rule also has the Enabled status after it is created.

You can disable any web resource access rule except the "Default rule". If a web resource access rule is disabled, Web Control temporarily stops applying this rule.

To enable or disable a web resource access rule in Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Web Control section in the list on the left.
  6. In list of rules in the right part of the window, select the rule that you want to enable or disable.
  7. In the Status column, open the context menu and select one of the following values:
    • On if you want to enable use of the rule.
    • Off if you want to disable use of the rule.
  8. Click the Apply button.

To enable or disable a web resource access rule in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. Complete steps 6–7 of the previous instructions.
  4. To save changes, click the Save button.
Page top
[Topic 65757]

Removing web resource access rules

To delete a web resource access rule using Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Web Control section in the list on the left.
  6. In the right part of the window, in the list of web resource access rules, select the rule that you want to delete, and click the Delete button.

    The selected rule will be deleted from the list of rules.

    You cannot delete a predefined Default rule.

  7. Click the Apply button.

To delete a web resource access rule in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. In the list of web resource access rules, select the rule that you want to delete, and click the Delete button.

    The selected rule will be deleted from the list of rules.

    You cannot delete a predefined Default rule.

  4. To save changes, click the Save button.
Page top
[Topic 151677]

Rules for creating masks for web resource addresses

Using a web resource address mask (hereinafter also referred to as simply "address mask") may be useful if you need to enter numerous similar web resource addresses when creating a web resource access rule. If crafted well, one address mask can replace a large number of web resource addresses.

When creating an address mask, adhere to the following rules:

  1. The * character replaces any sequence that contains zero or more characters.

    For example, if you enter the *abc* address mask, the access rule is applied to all web resource addresses that contain the sequence abc. Example: http://www.example.com/page_0-9abcdef.html.

    The ? character is treated as a question mark.

    To include the * character in the address mask, you need to enter the * character twice.

  2. The www. character sequence at the start of the address mask is interpreted as a *. sequence.

    Example: the address mask www.example.com is treated as *.example.com.

  3. If an address mask does not start with the * character, the content of the address mask is equivalent to the same content with the *. prefix.
  4. A sequence of *. characters at the beginning of an address mask is interpreted as *. or an empty string.

    Example: the address mask http://www.*.example.com covers the address of the web resource http://www2.example.com.

  5. If an address mask ends with a character other than / or *, the content of the address mask is equivalent to the same content with the /* postfix.

    Example: the address mask http://www.example.com covers such addresses as http://www.example.com/abc, where a, b, and c are any characters.

  6. If an address mask ends with the / character, the content of the address mask is equivalent to the same content with the /*. postfix.
  7. The character sequence /* at the end of an address mask is interpreted as /* or an empty string.
  8. Web resource addresses are verified against an address mask, taking into account the protocol (http or https):
    • If the address mask contains no network protocol, this address mask covers addresses of web resources with any network protocol.

      Example: the address mask example.com covers the web resource addresses http://example.com and https://example.com.

    • If the address mask contains a network protocol, this address mask only covers web resource addresses with the same network protocol as that of the address mask.

      Example: the address mask http://*.example.com covers the web resource address http://www.example.com but does not cover https://www.example.com.

  9. An address mask that is in double quotes is treated without considering any additional replacements, except the * character if it has been initially included in the address mask. In other words, rules 5 and 7 do not apply to such address masks (see examples 14–18 in the table below).
  10. The user name and password, connection port, and character case are not taken into account during comparison with the address mask of a web resource.

     

    Examples of how to use rules for creating address masks

     

    No.

    Address mask

    Address of web resource to verify

    Does the address match the address mask?

    Comment

    1

    *.example.com

    http://www.123example.com

    No

    See rule 1.

    2

    *.example.com

    http://www.123.example.com

    Yes

    See rule 1.

    3

    *example.com

    http://www.123example.com

    Yes

    See rule 1.

    4

    *example.com

    http://www.123.example.com

    Yes

    See rule 1.

    5

    http://www.*.example.com

    http://www.123example.com

    No

    See rule 1.

    6

    www.example.com

    http://www.example.com

    Yes

    See rules 2, 1.

    7

    www.example.com

    https://www.example.com

    Yes

    See rules 2, 1.

    8

    http://www.*.example.com

    http://123.example.com

    Yes

    See rules 2, 4, 1.

    9

    www.example.com

    http://www.example.com/abc

    Yes

    See rules 2, 5, 1.

    10

    example.com

    http://www.example.com

    Yes

    See rules 3, 1.

    11

    http://example.com/

    http://example.com/abc

    Yes

    See rule 6.

    12

    http://example.com/*

    http://example.com

    Yes

    See rule 7.

    13

    http://example.com

    https://example.com

    No

    See rule 8.

    14

    "example.com"

    http://www.example.com

    No

    See rule 9.

    15

    "http://www.example.com"

    http://www.example.com/abc

    No

    See rule 9.

    16

    "*.example.com"

    http://www.example.com

    Yes

    See rules 1, 9.

    17

    "http://www.example.com/*"

    http://www.example.com/abc

    Yes

    See rules 1, 9.

    18

    "www.example.com"

    http://www.example.com; https://www.example.com

    Yes

    See rules 9, 8.

    19

    www.example.com/abc/123

    http://www.example.com/abc

    No

    An address mask contains more data than the address of a web resource.

Page top
[Topic 65759]

Exporting and importing the list of web resource addresses

If you created a list of web resource addresses when creating a web resource access rule, you can export it to a TXT file. You can subsequently import the list from this file to avoid creating a new list of web resource addresses manually when configuring an access rule. The option of exporting and importing the list of web resource addresses may be useful if, for example, you create access rules with similar parameters.

To export a list of web resource addresses to a file in Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Web Control section in the list on the left.
  6. In the right part of the window, in the list of rules, select the rule whose list of web resource addresses you want to export to a file.
  7. Click the Edit button.

    The Web resource access rule window opens.

    A list of web resource addresses to which the rule applies appears under the Apply to addresses drop-down list.

  8. If you do not want to export the entire list of web resource addresses, but rather just a part of it, select the required web resource addresses.
  9. To the right of the field with the list of web resource addresses, click the wc_export button button.

    The action confirmation window opens.

  10. Do one of the following:
    • If you want to export only the selected items of the web resource address list, in the action confirmation window, click the Yes button.
    • If you want to export all items of the list of web resource addresses, in the action confirmation window, click the No button.

    The standard Save as window of Microsoft Office opens.

  11. Select the file to which you want to export the list of web resource addresses, and click the Save button.

To export a list of web resource addresses to a file in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

  3. Complete steps 6–11 of the previous instructions.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

To import the list of web resource addresses from a file to a rule in Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Web Control section in the list on the left.

    In the right part of the window,

  6. Do one of the following:
    • To create a new rule, click the Add button.
    • If you want to edit a rule, select it in the list of rules and click the Edit button.

    The Web resource access rule window opens.

  7. If you are creating a new web resource access rule, select To individual addresses from the Apply to addresses drop-down list.
  8. To the right of the field with the list of web resource addresses, click the wc_import button button.

    If you are creating a new rule, the standard Microsoft Windows Open file window opens.

    If you are editing a rule, a window requesting your confirmation opens.

  9. If you are editing a web resource access rule, do one of the following actions in the action confirmation window:
    • If you want to add imported items of the list of web resource addresses to the existing ones, click the Yes button.
    • If you want to delete the existing items of the list of web resource addresses and to add the imported ones, click the No button.

    The standard Open file window in Microsoft Windows opens.

  10. In the Open file window in Microsoft Windows, select a file with a list of web resource addresses to import and click the Open button.

    The imported list of web resource addresses appears in the Web resource access rule window under the Apply to addresses drop-down list.

  11. In the Web resource access rule window, click OK.
  12. Click the Apply button.

To import the list of web resource addresses from a file to a rule in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. Complete steps 6–11 of the previous instructions.
  4. To save changes, click the Save button.
Page top
[Topic 65758]

Editing templates of Web Control messages

Depending on the action defined in the properties of web resource access rules, the application displays a message of one of the following types when a virtual machine user attempts to access web resources (the HTTP server response is replaced by an HTML page with the appropriate message):

  • Warning message. This message warns the user that a website is potentially harmful and/or does not comply with the corporate policy. The application displays a warning message if the Warn option is selected from the Action drop-down list in the properties of the rule that describes this website.

    If the user believes that the warning is mistaken, the user may click the link from the warning message to open a pre-generated complaint message and send it to the corporate LAN administrator.

  • Message informing of blocking of a web resource. The application displays a message that informs that a web resource is blocked, if the Block option is selected from the Action drop-down list in the properties of the rule that describes this web resource.

    If the user believes that the web resource was blocked by mistake, the user may click the link from the web resource blocking notification to open a pre-generated complaint message and send it to the corporate LAN administrator.

Special templates are provided for the warning message, web resource blocking notification, and complaint message sent to the corporate LAN administrator. You can modify their content.

To modify a Web Control message template in Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Web Control section in the list on the left.
  6. In the right part of the window, click the Templates button.
  7. In the Message templates window that opens, do one of the following:
    • If you want to edit the template for the message that warns about a possibly dangerous website, select the Warning tab.
    • If you want to edit the template of the message that informs the user that access to a website is blocked, select the Blocking tab.
    • To modify the complaint template that is sent to the LAN administrator, select the Complaint tab.
  8. Edit the message template. To do this, use the Default and Variables buttons.
  9. Click OK in the Message templates window.
  10. Click the Apply button.

To modify a Web Control message template in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select Web Control.

    In the right part of the window, the Web Control component’s settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. Complete steps 6–9 of the previous instructions.
  4. To save changes, click the Save button.
Page top
[Topic 65760]