This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Web Shield

This Article Applies to:

  • Avast Small Business Solutions
  • Avast Small Office Protection

 

Web Shield helps protect your system from threats when you are browsing the web by actively scanning data that is transferred to prevent malware from being downloaded and run on your PC. Detected malicious connections/downloads will be blocked by Web Shield automatically.

You can enable and configure web, HTTPS, and script scanning for Web Shield.

Small Business Solutions Only: We do not recommend installing this component on a server OS that is also running Microsoft Exchange. The Exchange and Anti-Spam components handle Exchange-level filtering and will conflict with this component.

 

Web Shield is part of the Core Shields of the Avast Business client.

From Protection > Core Shields, you can enable/disable this component using the dedicated toggle.

Note that it is not possible to individually enable/disable Web Shield in managed devices - only all core shields can be disabled/enabled at once from the Advanced Settings. Unmanaged devices have free control over disabling/enabling these shields.

Configuring Web Shield Settings

Advanced Web Shield settings can be accessed by either clicking the gear icon on the Core Shields screen or navigating to Menu > Settings > Protection > Core Shields, then selecting the Web Shield tab under Configure shield settings.

The following options are available here:

  • Enable Web Shield: Turns the shield on or off.
  • Enable HTTPS scanning: Enables Web Shield to scan websites with encrypted connections. If disabled, only websites with unsecured connections are scanned.
  • Enable QUIC/HTTP3 scanning: Scans communications sent and received via Google's QUIC protocol.
  • Enable WebSocket protocol scanning: Scans the network traffic commonly used by web applications.
  • Enable DNS/DoH scanning: Scans the network traffic for malicious patterns in domain resolutions.
  • Protect against botnets: Prevents botnets from using your computer to attack other computers.
  • Enable Script scanning: Allows Web Shield to block malicious scripts being run in browsers and other applications. This includes remote threats from the web and outside sources, and local threats saved to disk or in the browser cache. Script scanning can also detect and block malicious scripts that come from HTTPS (encrypted) connections.
  • Enable site blocking: Allows Web Shield to block access to specified websites (see the section below for more information).
  • Generate report file: Specify if Web Shield should automatically generate report files and save them on your device.

Blocking Specific Websites

You can specify the websites you want to block by clicking the Block a new website button under the Enable site blocking setting, then specifying the website URL. All added URLs will be displayed here and can be edited or deleted if needed.

Note that site blocking always overrides the exceptions.

At the top of the Core Shields screen, you can also configure some general settings such as scan sensitivity and response to malware detections, as well as enable additional features like CyberCapture or Hardened Mode. Note that these settings apply to all Core Shields. For more information, see Core Shields Settings.

Additional Geek Area Settings

Within the Geek Area, there are several further settings for Mail Shield. To access these:

  1. Go to Menu, then select Settings
  2. Click Search in the top right corner
  1. Type geek:area in the search field, then hit Enter
  1. Scroll down to the Web Shield section

There are four detection types you can configure here:

  • Action to be performed when a virus is found
  • Action to be performed when a potentially unwanted program is found
  • Action to be performed when a potentially unwanted tool is found
  • Action to be performed when a suspicious object is found

For each type, it is possible to only configure one single action. The available actions can be selected from each drop-down menu:

  • Abort connection (default action): Terminates the connection with the applicable website as soon as a potential threat is detected.
  • Ask: Gives you the option to terminate the connection with the applicable website or remain connected when a potential threat is detected. Remaining connected may be risky.

Apart from these options, you can define whether Web Shield will:

  • Scan traffic from well-known browser processes only: With this option enabled, Web Shield only monitors HTTP traffic for the most common browsers.
  • Show a notification window when an action is taken (enabled by default): You will receive a notification from Avast each time Web Shield detects a threat.
  • Protect Internet Explorer/Mozilla Firefox/Google Chrome/Adobe Acrobat Reader/other applications with Script Shield: Tick or untick the relevant boxes to specify which browsers and applications are protected by Script Shield. Commonly used browsers, Adobe Acrobat Reader, and all other applications on your PC are protected by default.
    • Script Shield is designed to protect browsers and other applications from running potentially malicious scripts. This includes remote threats from the web and outside sources, local threats downloaded to your hard drive or in the browser cache, and scripts that come from encrypted connections.

It is also possible to configure the report file here in order to enhance the reporting of the shield:

  • Report file name: Enter a name for the report file (default * will use the default file name)
    • The Generate report file checkbox needs to be ticked for the report file to be created.
  • Report file type: Select the format of the report file:
    • Plain text (ANSI)
    • Plain text (Unicode)
    • XML
  • If report file exists: Select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report
    • Using the Append option will gradually increase the size of the report file on the disk. Including informative events such as OK will also greatly increase the size on the disk as every clean file will be reported.
  • Reported items: Define which events appear in report files. Type any of the following events into the text box provided, ensuring entries are separated by semicolons:
    • Infected — Files and areas of the scanned environment that the virus scan identifies as containing malware
    • HardErrors — Unexpected errors that require further investigation
    • SoftErrors — Minor errors, such as a file being unable to be scanned because it was in use
    • OK — Files and areas that the virus scan identified as being clean
    • Skipped — Files and areas that the virus scan did not check because of the scan settings

In-Browser Detections

When an infected website is accessed, Web Shield will display a dialog directly in your browser, informing you about the detected threat and offering the option of scanning your device. Selecting Scan your PC will open your Antivirus client and start the scan.

In-browser detections work only for the malicious content that would be displayed inside the page (e.g. some direct download URL).

Currently, only Chrome and Firefox browsers are supported.

The detection ID at the bottom of the dialog can be copied and sent to Avast Support for analysis.

Revoked Certificates

Web Shield can also block users from accessing sites with revoked certificates. They will receive only a tray notification.

The user/administrator should use a tool such as https://ssllabs.com/ssltest/analyze.html to further analyze the site, or report the issue to the owner.

Adding Web Shield Exceptions

If needed, you can add exceptions to the Web Shield scans through the Exceptions tab of the Settings > General section. This can speed up the scans and prevent false-positive detections. For detailed instructions, see Configuring Antivirus Exceptions.

Note that site blocking always overrides the exceptions.

FAQ

Windows: Enable the password protection of the UI (locally in unmanaged, from the policies in managed), in order to prevent the local user disabling shields.

macOS: The administrator password is required to disable the shield. The antivirus UI cannot be password protected at this time.

Add the URL/IP address the application/site is connecting to as an exclusion in the Web Shield specific exclusions. Verify if there are any potentially conflicting applications (e.g. another antivirus) running on the system and remove it if found.

No, it cannot be disabled, unless the user disables the Mail Shield (and Web Shield). It is not an actual VPN, just the method used for scanning.

The local Antivirus is simplified with its controls in the UI. The user can only control all shield settings from these toggles at once, rather than individual settings for each shield.

We have the advanced controls in our managed policies to be able to configure each shield individually, which overwrites the local client settings, leading to these options being empty.

They are still configured correctly, they simply are not visible in the local client UI.

The managed endpoints are designed to be controlled from the policies, therefore the important shields are inaccessible from the UI to be disabled individually. Core Shields can only be disabled together.

Usually this indicates the underlying certificate of the website has the issue, rather than our certificate having a problem. Disabling the Web Shield temporarily and accessing the site again will show the original certificate which can be verified.

High speed connections greater than 20Mbits/s may see noticeable delays under certain conditions while Web Shield is enabled. For example, if a hard drive has an I/O speed of 30Mbits/s, the Web Shield can decrease the loading speed of a webpage because the hard drive I/O operations are doubled during active scans. In this case, the internet input of 20Mbits/s combined with 20Mbits/s of Web scanner data output then exceeds the maximum hard drive ability and can lead to noticeable delays.

Some network components or connection types may be incompatible with a parts of Avast Antivirus or Web Shield in particular, as the default setting for some routers and ADSL modems may expect a different connection or packet type. This mismatch can cause connection resets and timeouts. Web Shield scans may also cause a device to time out if the device has a short timeout setting.

Avast monitors reports regarding specific devices and contacts device vendors about frequent issues with proposed coding solutions or workarounds. However, many issues are related to specific settings within Web Shield and can be disabled without eliminating your protection.

No, this is not a supported scenario. For example, if you block all sites, or all TLD, for .co.uk, you cannot then allow specific sites within that blocked list/with the .co.uk domain. Site blocking always overrides the exceptions.

 

Other Articles In This Section:

Core Shields Settings

File Shield

Mail Shield

Behavior Shield

Related Articles:

Configuring Antivirus Exceptions

Component Overview

Troubleshooting 'Invalid Mail Server Certificate' Warnings