This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Web Shield

This Article Applies to:

  • Avast Business On-Premise Console

 

Web Shield helps protect your system from threats when you are browsing the web by actively scanning data that is transferred to prevent malware from being downloaded and run on your PC. Detected malicious connections/downloads will be blocked by Web Shield automatically.

You can enable and configure web, HTTPS, and script scanning for Web Shield.

We do not recommend installing this component on a server OS that is also running Microsoft Exchange. The Exchange and Anti-Spam components handle Exchange-level filtering and will conflict with this component.

Note that in Antivirus for macOS, the shields can only be disabled, not uninstalled. Therefore, if you uninstall Web Shield from a policy, the service on macOS endpoints will only be disabled.

Configuring Web Shield Settings for Windows Devices

To access Web Shield settings for Windows devices:

  1. Go to the Policies page
  2. Open the desired policy
  3. Select Windows Workstation or Windows Server
  4. Go to the Active protection tab
  5. Click the Customize link next to Web Shield

The available configuration options are grouped as follows:

  • Main settings
  • Web scanning
  • Exclusions
  • Actions
  • Packers
  • Sensitivity
  • Site Blocking
  • Script exclusions
  • Report file

Main Settings

The main Web Shield settings offer the following options:

  • Enable Web scanning: Enables Web Shield to scan all files downloaded from the internet for malware. When this is enabled, you can also choose whether to receive warnings when downloading files with poor reputation and/or to scan traffic from well-known browser processes only.
  • Enable HTTPS scanning: Enables Web Shield to scan websites with encrypted connections. If disabled, only websites with unsecured connections are scanned.
  • Use intelligent stream scanning: Lets Web Shield perform scans in operating memory only (without caching).
  • Do not scan trusted sites: Leaves out trusted sites from the scan.
  • Block malware URLs: Prevents malicious sites from opening.
  • Script scanning: Allows Web Shield to block malicious scripts being run in browsers and applications. This includes remote threats from the web and outside sources, and local threats saved to disk or in the browser cache. Script scanning can also detect and block malicious scripts that come from HTTPS (encrypted) connections.

Web Scanning

Here, you can configure which items should be scanned when they are downloaded from the web:

  • Scan all files: Scans all downloaded files, which may slow down the scan and web browsing considerably. If you select this option, consider excluding trusted websites and/or MIME types from the scan for better performance.
  • Scan selected file types only: Scans only files with extensions and/or MIME types that you specify here. All added file types will be displayed here and can be edited or deleted if needed.

You can also prevent Web Shield from unpacking archives with valid digital signatures.

Exclusions

The settings here allow you to configure a list of URLs, MIME-types, and/or processes that should be excluded from Web Shield scans. All added exclusions will be displayed here and can be edited or deleted if needed.

Exclusions that you specify here only apply to Web Shield and do not affect any other scans or shields. To exclude a location from all Antivirus scans, set up standard exclusions instead.

For more information on standard and component-specific exclusions, see Configuring Antivirus Exclusions.

Actions

The Actions settings define how viruses, PUPs, and suspicious objects are handled when detected by File Shield. For each type, it is possible to only configure one single action. The available actions can be selected from each drop-down menu:

  • Abort connection (default action): Terminates the connection with the applicable website as soon as a potential threat is detected.
  • Ask: Gives the option to terminate the connection with the applicable website or remain connected when a potential threat is detected. Remaining connected may be risky.

Under the Options section, you can also choose whether Avast will display a notification each time Web Shield detects a threat.

Packers

These settings allow you to define which archive (packer) formats Avast should try to extract during Web Shield scans (unpacked files can be better analyzed for malware). Original archives remain intact while processed by Web Shield. You can choose to use either all packer formats or just the ones you select from the list. By default, all packers are used.

Sensitivity

Here, you can adjust the sensitivity of the Antivirus scan for Web Shield:

  • Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware.
    • Use code emulation: Choose whether to use code emulations to unpack and test suspected malware in an emulated environment, where the files cannot cause damage to devices.
  • Sensitivity: Enable Test whole files to check the whole content of a file instead of the parts typically affected by malicious code. There is usually no need to enable this option, and it will likely impact system performance.
  • PUP and suspicious files: Choose whether or not to scan for potentially unwanted programs (PUPs).

Site Blocking

Here, you can specify any URL addresses that you want Web Shield to block. All added URLs will be displayed here and can be edited or deleted if needed.

To be able to add URLs to the list, the Enable site blocking checkbox needs to be ticked.

Wildcards are accepted.

Note that site blocking always overrides the exclusions.

Script Exclusions

Here, you can define which scripts should not be scanned by Web Shield, listed by URL. All added URLs will be displayed here and can be edited or deleted if needed.

To be able to add URLs to the list, the Use URLS to exclude checkbox needs to be ticked.

Report File

You can configure the report file here in order to enhance the reporting of the shield:

  • File name: Enter a name for the report file (default * will use the default file name)
    • The Generate report file checkbox needs to be ticked for the report file to be created.
  • File type: Select the format of the report file:
    • Plain text (ANSI)
    • Plain text (Unicode)
    • XML
  • If file exists: Select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report
    • Using the Append option will gradually increase the size of the report file on the disk. Including informative events such as OK will also greatly increase the size on the disk as every clean file will be reported.
  • Reported items: Define which events appear in report files:
    • Infected items — Files and areas of the scanned environment that the virus scan identifies as containing malware
    • Hard Errors — Unexpected errors that require further investigation
    • Soft Errors — Minor errors, such as a file being unable to be scanned because it was in use
    • OK items — Files and areas that the virus scan identified as being clean
    • Skipped items — Files and areas that the virus scan did not check because of the scan settings

At the bottom of the settings, the default location of the report is displayed.

Configuring Web Shield Settings for macOS Devices

To access Web Shield settings for macOS devices:

  1. Go to the Policies page
  2. Open the desired policy
  3. Select Mac OS X
  4. Go to the Active Protection tab
  5. Click the Customize link next to Web Shield

The available configuration options are grouped as follows:

  • Enable IPv6: Scans devices that use IPv6.
  • Scan secured connections: Scans sites accessed over secure protocols. You can also choose to only scan secure connections from browsers.
  • PUP: Checks for and notifies about potentially unwanted programs.
  • Exclusion list: Allows specifying URLs that should be excluded from Web Shield scans. You can edit/delete existing exclusions or add new ones to the list.   

FAQ