This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Web Shield

This Article Applies to:

  • Avast Business Hub

 

Web Shield helps protect your system from threats when you are browsing the web by actively scanning data that is transferred to prevent malware from being downloaded and run on your PC. Detected malicious connections/downloads will be blocked by Web Shield automatically.

You can enable and configure web, HTTPS, and script scanning for Web Shield.

We do not recommend installing this component on a server OS that is also running Microsoft Exchange. The Exchange and Anti-Spam components handle Exchange-level filtering and will conflict with this component.

Note that in Antivirus for macOS, the shields can only be disabled, not uninstalled. Therefore, if you uninstall Web Shield from a policy, the service on macOS endpoints will only be disabled.

Configuring Web Shield Settings

Windows and macOS configuration options are mixed together in the policy settings for the various components.

To access Web Shield settings:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Select the Settings tab, then Antivirus
  4. Expand the Web Shield section (under Antivirus Protection)

The available configuration options are grouped as follows:

  • Main settings (Windows and macOS)
  • Web scanning (Windows)
  • Actions (Windows)
  • Packers (Windows)
  • Sensitivity (Windows)
  • Site Blocking (Windows)
  • Report file (Windows)

Main Settings

The main Web Shield settings offer the following options for Windows devices:

  • Enable Web scanning: Enables Web Shield to scan all files downloaded from the internet for malware. When this is enabled, you can also choose whether to receive warnings when downloading files with poor reputation and/or to scan traffic from well-known browser processes only.
  • Enable HTTPS scanning: Enables Web Shield to scan websites with encrypted connections. If disabled, only websites with unsecured connections are scanned.
  • Enable DNS/DoH scanning: Scans the network for malicious patterns in domain resolutions.
  • Enable WebSocket protocol scanning: Scans the network traffic commonly used by web applications.
  • Use intelligent stream scanning: Lets Web Shield perform scans in operating memory only (without caching).
  • Do not scan trusted sites: Leaves out trusted sites from the scan.
  • Block malware URLs: Prevents malicious sites from opening.
  • Script scanning: Allows Web Shield to block malicious scripts being run in browsers and applications. This includes remote threats from the web and outside sources, and local threats saved to disk or in the browser cache. Script scanning can also detect and block malicious scripts that come from HTTPS (encrypted) connections.
  • Enable QUIC/HTTP3: Scans communications sent and received via Google's QUIC protocol.
  • Block botnet attacks: Prevents botnets from using the device to attack other computers.

For macOS devices, you can choose whether to:

  • Enable IPv6: Scans devices that use IPv6.
  • Scan secured connections: Scans sites accessed over secure protocols. You can also choose to only scan secure connections from browsers.
  • Report potentially unwanted programs (PUPs): Checks for and notifies about potentially unwanted programs.

Web Scanning

Here, you can configure which items should be scanned when they are downloaded from the web:

  • Scan all files: Scans all downloaded files, which may slow down the scan and web browsing considerably. If you select this option, consider excluding trusted websites and/or MIME types from the scan for better performance.
  • Scan selected file types only: Scans only files with extensions and/or MIME types that you specify here. All added file types will be displayed here and can be edited or deleted if needed.

You can also prevent Web Shield from unpacking archives with valid digital signatures.

Actions

The Actions settings define how viruses, PUPs, unwanted tools, and suspicious objects are handled when detected by File Shield. For each type, it is possible to only configure one single action. The available actions can be selected from each drop-down menu:

  • Abort connection (default action): Terminates the connection with the applicable website as soon as a potential threat is detected.
  • Ask: Gives the option to terminate the connection with the applicable website or remain connected when a potential threat is detected. Remaining connected may be risky.

Under the Options section, you can also choose whether Avast will display a notification each time Web Shield detects a threat.

Packers

These settings allow you to define which archive (packer) formats Avast should try to extract during Web Shield scans (unpacked files can be better analyzed for malware). Original archives remain intact while processed by Web Shield. You can choose to use either all packer formats or just the ones you select from the list. By default, all packers are used.

Sensitivity

Here, you can adjust the sensitivity of the Antivirus scan for Web Shield:

  • Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware.
    • Use code emulation: Choose whether to use code emulations to unpack and test suspected malware in an emulated environment, where the files cannot cause damage to devices.
  • Sensitivity: Enable Test whole files to check the whole content of a file instead of the parts typically affected by malicious code. There is usually no need to enable this option, and it will likely impact system performance.
  • PUP and suspicious files: Choose whether or not to scan for potentially unwanted programs (PUPs). You can select the option separately for pre and post 21.5 and 21.6 versions of the Antivirus respectively. For versions 21.6 and newer, you can also choose whether to scan for potentially unwanted tools.

Site Blocking

Here, you can specify any URL addresses that you want Web Shield to block. All added URLs will be displayed here and can be edited or deleted if needed.

To be able to add URLs to the list, the Enable checkbox needs to be ticked.

Wildcards are accepted.

Note that site blocking always overrides the exclusions.

Report File

You can configure the report file here in order to enhance the reporting of the shield:

  • File name: Enter a name for the report file (default * will use the default file name)
    • The Generate report file checkbox needs to be ticked for the report file to be created.
  • File type: Select the format of the report file:
    • Plain text (ANSI)
    • Plain text (Unicode)
    • XML
  • If file exists: Select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report
    • Using the Append option will gradually increase the size of the report file on the disk. Including informative events such as OK will also greatly increase the size on the disk as every clean file will be reported.
  • Reported items: Define which events appear in report files:
    • Infected items — Files and areas of the scanned environment that the virus scan identifies as containing malware
    • Hard Errors — Unexpected errors that require further investigation
    • Soft Errors — Minor errors, such as a file being unable to be scanned because it was in use
    • OK items — Files and areas that the virus scan identified as being clean
    • Skipped items — Files and areas that the virus scan did not check because of the scan settings

At the bottom of the settings, the default location of the report is displayed.

Adding Web Shield Exclusions

If needed, you can add exclusions to the Web Shield scans through the Antivirus Exclusions settings of a selected policy. This can speed up the scans and prevent false-positive detections.

For more information on standard and component-specific exclusions, see Configuring Antivirus Exclusions.

FAQ