This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Web Shield

This Article Applies to:

  • Avast Business Hub

 

Web Shield helps protect your system from threats when you are browsing the web by actively scanning data that is transferred to prevent malware from being downloaded and run on your PC. Detected malicious connections/downloads will be blocked by Web Shield automatically.

You can enable and configure web, HTTPS, and script scanning for Web Shield.

We do not recommend installing this component on a server OS that is also running Microsoft Exchange. The Exchange and Anti-Spam components handle Exchange-level filtering and will conflict with this component.

Note that in Antivirus for macOS, the shields can only be disabled, not uninstalled. Therefore, if you uninstall Web Shield from a policy, the service on macOS endpoints will only be disabled.

Configuring Web Shield Settings

Windows and macOS configuration options are mixed together in the policy settings for the various components.

To access Web Shield settings:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Select the Settings tab, then Antivirus
  4. Expand the Web Shield section (under Antivirus Protection)

Seven sets of settings are available here:

  • Main settings (Windows and macOS)
  • Web scanning (Windows)
  • Actions (Windows)
  • Packers (Windows)
  • Sensitivity (Windows)
  • Site Blocking (Windows)
  • Report file (Windows)

Main Settings

The main Web Shield settings offer the following options for Windows devices:

  • Enable Web scanning: Enables Web Shield to scan all files downloaded from the internet for malware. When this is enabled, you can also choose whether to receive warnings when downloading files with poor reputation and/or to scan traffic from well-known browser processes only.
  • Enable HTTPS scanning: Enables Web Shield to scan websites with encrypted connections. If disabled, only websites with unsecured connections are scanned.
  • Enable DNS/DoH scanning: Scans the network for malicious patterns in domain resolutions.
  • Enable WebSocket protocol scanning: Scans the network traffic commonly used by web applications.
  • Use intelligent stream scanning: Lets Web Shield perform scans in operating memory only (without caching).
  • Do not scan trusted sites: Leaves out trusted sites from the scan.
  • Block malware URLs: Prevents malicious sites from opening.
  • Script scanning: Allows Web Shield to block malicious scripts being run in browsers and other applications. This includes remote threats from the web and outside sources, and local threats saved to disk or in the browser cache. Script scanning can also detect and block malicious scripts that come from HTTPS (encrypted) connections.
  • Enable QUIC/HTTP3: Scans communications sent and received via Google's QUIC protocol.
  • Block botnet attacks: Prevents botnets from using the device to attack other computers.

For macOS devices, you can choose whether to:

  • Enable IPv6
  • Scan secured connections (you can choose to only scan secured connections from browsers)
  • Report potentially unwanted programs (PUPs)

Web Scanning

Here, you can configure which items should be scanned when they are downloaded from the web:

  • Scan all files: Scans all downloaded files, which may slow down the scan and web browsing considerably. If you select this option, consider excluding trusted websites and/or MIME types from the scan for better performance.
  • Scan selected file types only: Scans only files with extensions and/or MIME types that you specify here. All added file types will be displayed here and can be edited or deleted if needed.

You can also prevent Web Shield from unpacking archives with valid digital signatures.

Actions

The Actions settings define how viruses, PUPs, unwanted tools, and suspicious objects are handled when detected by File Shield. For each type, it is possible to only configure one single action. The available actions can be selected from each drop-down menu:

  • Abort connection (default action): Terminates the connection with the applicable website as soon as a potential threat is detected.
  • Ask: Gives the option to terminate the connection with the applicable website or remain connected when a potential threat is detected. Remaining connected may be risky.

Under the Options section, you can also choose whether Avast will display a notification each time Web Shield detects a threat.

Packers

These settings allow you to define which archive (packer) formats Avast should try to extract during Web Shield scans (unpacked files can be better analyzed for malware). Original archives remain intact while processed by Web Shield. You can choose to use either all packer formats or just the ones you select from the list. By default, all packers are used.

Sensitivity

Here, you can adjust the sensitivity of the Antivirus scan for Web Shield:

  • Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware.
    • Use code emulation: Choose whether to use code emulations to unpack and test suspected malware in an emulated environment, where the files cannot cause damage to devices.
  • Sensitivity: Enable Test whole files to check the whole content of a file instead of the parts typically affected by malicious code. There is usually no need to enable this option, and it will likely impact system performance.
  • PUP and suspicious files: Choose whether or not to scan for potentially unwanted programs (PUPs). You can select the option separately for pre and post 21.5 and 21.6 versions of the Antivirus respectively. For versions 21.6 and newer, you can also choose whether to scan for potentially unwanted tools.

Site Blocking

Here, you can specify any URL addresses that you want Web Shield to block. All added URLs will be displayed here and can be edited or deleted if needed.

To be able to add URLs to the list, the Enable checkbox needs to be ticked.

Note that site blocking always overrides the exclusions.

Report File

You can configure the report file here in order to enhance the reporting of the shield:

  • File name: Enter a name for the report file (default * will use the default file name)
    • The Generate report file checkbox needs to be ticked for the report file to be created.
  • File type: Select the format of the report file:
    • Plain text (ANSI)
    • Plain text (Unicode)
    • XML
  • If file exists: Select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report
    • Using the Append option will gradually increase the size of the report file on the disk. Including informative events such as OK will also greatly increase the size on the disk as every clean file will be reported.
  • Reported items: Define which events appear in report files:
    • Infected items — Files and areas of the scanned environment that the virus scan identifies as containing malware
    • Hard Errors — Unexpected errors that require further investigation
    • Soft Errors — Minor errors, such as a file being unable to be scanned because it was in use
    • OK items — Files and areas that the virus scan identified as being clean
    • Skipped items — Files and areas that the virus scan did not check because of the scan settings

At the bottom of the settings, the default location of the report is displayed.

Adding Web Shield Exclusions

If needed, you can add exclusions to the Web Shield scans through the Antivirus Exclusions settings of a selected policy. This can speed up the scans and prevent false-positive detections.

For more information on standard and component-specific exclusions, see Configuring Antivirus Exclusions.

FAQ

Windows: Enable the password protection of the UI (locally in unmanaged, from the policies in managed), in order to prevent the local user disabling shields.

macOS: The administrator password is required to disable the shield. The antivirus UI cannot be password protected at this time.

Add the URL/IP address the application/site is connecting to as an exclusion in the Web Shield specific exclusions. Verify if there are any potentially conflicting applications (e.g. another antivirus) running on the system and remove it if found.

No, it cannot be disabled, unless the user disables the Mail Shield (and Web Shield). It is not an actual VPN, just the method used for scanning.

The local Antivirus is simplified with its controls in the UI. The user can only control all shield settings from these toggles at once, rather than individual settings for each shield.

We have the advanced controls in our managed policies to be able to configure each shield individually, which overwrites the local client settings, leading to these options being empty.

They are still configured correctly, they simply are not visible in the local client UI.

The managed endpoints are designed to be controlled from the policies, therefore the important shields are inaccessible from the UI to be disabled individually. Core Shields can only be disabled together.

Usually this indicates the underlying certificate of the website has the issue, rather than our certificate having a problem. Disabling the Web Shield temporarily and accessing the site again will show the original certificate which can be verified.

High speed connections greater than 20Mbits/s may see noticeable delays under certain conditions while Web Shield is enabled. For example, if a hard drive has an I/O speed of 30Mbits/s, the Web Shield can decrease the loading speed of a webpage because the hard drive I/O operations are doubled during active scans. In this case, the internet input of 20Mbits/s combined with 20Mbits/s of Web scanner data output then exceeds the maximum hard drive ability and can lead to noticeable delays.

Some network components or connection types may be incompatible with a parts of Avast Antivirus or Web Shield in particular, as the default setting for some routers and ADSL modems may expect a different connection or packet type. This mismatch can cause connection resets and timeouts. Web Shield scans may also cause a device to time out if the device has a short timeout setting.

Avast monitors reports regarding specific devices and contacts device vendors about frequent issues with proposed coding solutions or workarounds. However, many issues are related to specific settings within Web Shield and can be disabled without eliminating your protection.

No, this is not a supported scenario. For example, if you block all sites, or all TLD, for .co.uk, you cannot then allow specific sites within that blocked list/with the .co.uk domain. Site blocking always overrides the exceptions.

 

Other Articles In This Section:

File Shield

Mail Shield

Behavior Shield

Related Articles:

Managing Policies

Configuring Antivirus Exclusions

Troubleshooting 'Invalid Mail Server Certificate' Warnings