This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Web Shield

This Article Applies to:

  • Avast Business CloudCare

IMPORTANT: The CloudCare console does not support opening multiple tabs in the same browser session. Please use multiple browsers or incognito mode instead.

 

Web Shield helps protect your system from threats when you are browsing the web by actively scanning data that is transferred to prevent malware from being downloaded and run on your PC. Detected malicious connections/downloads will be blocked by Web Shield automatically.

You can enable and configure web, HTTPS, and script scanning for Web Shield.

We do not recommend installing this component on a server OS that is also running Microsoft Exchange. The Exchange and Anti-Spam components handle Exchange-level filtering and will conflict with this component.

Configuring Web Shield Settings

To access Web Shield settings:

  1. Go to the Policies page (at partner level for master policies or customer level for customer policies)
  2. Select the desired policy from the left-hand pane
  3. Under Endpoint Protection, expand the Antivirus section
  4. Go to the Web Shield tab

The available configuration options are grouped as follows:

  • Main settings
  • Web scanning
  • Actions
  • Packers
  • Sensitivity
  • Site Blocking
  • Script Exclusions
  • Report file

In addition, Web Shield exclusions can be configured via the Exclusions tab of Antivirus settings.

Main Settings

The main Web Shield settings offer the following options:

  • Web scanning: Enables Web Shield to scan all files downloaded from the internet for malware. When this is enabled, you can also choose whether to receive warnings when downloading files with poor reputation and/or to scan traffic from well-known browser processes only.
  • HTTPS scanning: Enables Web Shield to scan websites with encrypted connections. If disabled, only websites with unsecured connections are scanned.
  • Use intelligent stream scanning: Lets Web Shield perform scans in operating memory only (without caching).
  • Do not scan trusted sites: Leaves out trusted sites from the scan.
  • Block malware URLs: Prevents malicious sites from opening.
  • Script scanning: Allows Web Shield to block malicious scripts being run in selected browsers and applications. This includes remote threats from the web and outside sources, and local threats saved to disk or in the browser cache. Script scanning can also detect and block malicious scripts that come from HTTPS (encrypted) connections.
  • Enable QUIC/HTTP3: Scans communications sent and received via Google's QUIC protocol.
  • Block botnet attacks: Prevents botnets from using the device to attack other computers.

Web Scanning

Here, you can configure which items should be scanned when they are downloaded from the web:

  • Scan all files: Scans all downloaded files, which may slow down the scan and web browsing considerably. If you select this option, consider excluding trusted websites and/or MIME types from the scan for better performance.
  • Scan selected file types only: Scans only files with extensions and/or MIME types that you specify here. All added file types will be displayed here and can be edited or deleted if needed.

You can also prevent Web Shield from unpacking archives with valid digital signatures.

Actions

The Actions settings define how viruses, PUPs, and suspicious objects are handled when detected by File Shield. For each type, it is possible to only configure one single action. The available actions can be selected from each drop-down menu:

  • Abort connection (default action): Terminates the connection with the applicable website as soon as a potential threat is detected.
  • Ask: Gives the option to terminate the connection with the applicable website or remain connected when a potential threat is detected. Remaining connected may be risky.

Under the Options section, you can also choose whether Avast will display a notification each time Web Shield detects a threat.

Packers

These settings allow you to define which archive (packer) formats Avast should try to extract during Web Shield scans (unpacked files can be better analyzed for malware). Original archives remain intact while processed by Web Shield. You can choose to use either all packer formats or just the ones you select from the list. By default, all packers are used.

Sensitivity

Here, you can adjust the sensitivity of the Antivirus scan for Web Shield:

  • Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware.
    • Use code emulation: Choose whether to use code emulations to unpack and test suspected malware in an emulated environment, where the files cannot cause damage to devices.
  • Sensitivity: Enable Test whole files to check the whole content of a file instead of the parts typically affected by malicious code. There is usually no need to enable this option, and it will likely impact system performance.
  • PUP and suspicious files: Choose whether or not to scan for potentially unwanted programs (PUPs). You can select the option separately for pre and post 21.5 and 21.6 versions of the Antivirus respectively. For versions 21.6 and newer, you can also choose whether to scan for potentially unwanted tools.

Site Blocking

Here, you can specify any URL addresses that you want Web Shield to block. All added URLs will be displayed here and can be edited or deleted if needed.

To be able to add URLs to the list, the Enable site blocking checkbox needs to be ticked.

Wildcards are accepted.

Note that site blocking always overrides the exclusions.

Script Exclusions

Script exclusions allow specifying scripts that are not scanned by Web Shield, listed by URL. All added URLs will be displayed here and can be edited or deleted if needed.

To be able to add URLs to the list, the Enable checkbox needs to be ticked.

Report File

You can configure the report file here in order to enhance the reporting of the shield:

  • File name: Enter a name for the report file (default * will use the default file name)
    • The Generate report file checkbox needs to be ticked for the report file to be created.
  • File type: Select the format of the report file:
    • Plain text (ANSI)
    • Plain text (Unicode)
    • XML
  • If file exists: Select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report
    • Using the Append option will gradually increase the size of the report file on the disk. Including informative events such as OK will also greatly increase the size on the disk as every clean file will be reported.
  • Reported items: Define which events appear in report files:
    • Infected items — Files and areas of the scanned environment that the virus scan identifies as containing malware
    • Hard Errors — Unexpected errors that require further investigation
    • Soft Errors — Minor errors, such as a file being unable to be scanned because it was in use
    • OK items — Files and areas that the virus scan identified as being clean
    • Skipped items — Files and areas that the virus scan did not check because of the scan settings

At the bottom of the settings, the default location of the report is displayed.

Web Shield Exclusions

If needed, you can add exclusions to the Web Shield scans through the Antivirus > Exclusions settings of a selected policy. This can speed up the scans and prevent false-positive detections.

For more information on standard and component-specific exclusions, see Configuring Antivirus Exclusions.

Configuring Web Shield Settings for macOS Devices

To access Web Shield settings:

  1. Go to the Policies page (at partner or customer level)
  2. Select the desired policy from the left-hand pane
  3. Under Endpoint Protection, expand the Antivirus settings
  4. Go to the Mac Settings tab
  5. Select Web Shield

The available configuration options are grouped as follows:

  • General Settings:
    • Enable IPv6: Scans devices that use IPv6.
    • Scan secured connections: Scans sites accessed over secure protocols. You can also choose to only scan secure connections from browsers.
    • Report potentially unwanted programs (PUPs): Checks for and notifies about potentially unwanted programs.
  • Exclusions: Allows specifying URLs that should be excluded from Web Shield scans.

FAQ

 

Other Articles In This Section:

File Shield

Mail Shield

Behavior Shield

Related Articles:

Managing Policies