Skip to content

Endpoint: Web Control

You need to configure the Web Control options to protect users and computers. There are no default options.

Additional security options

Click Additional security options to configure access to advertisements, uncategorized sites and risky downloads.

  • Block risky downloads: This option blocks risky file types, but allows advertisements and uncategorized files.
  • None: This option allows risky file types, advertisements and uncategorized files.
  • Let me specify: This allows you to set advertisements and uncategorized file types to Allow, Block or Warn.

It also allows you to set Risky File Types to:

  • Recommended: This gives you the settings shown in the table of file types below.
  • Allow: Allows all risky file types.
  • Warn: Warns the user that a file may be risky before they can download it.
  • Block: Blocks all risky file types.
  • Let me specify: This allows you to set a number of individual file types to Allow, Warn, or Block.

Acceptable web usage

Configure Acceptable web usage settings. These control the sites that users are allowed to visit.

  • Keep it clean: Prevents users from accessing adult and other potentially inappropriate websites.
  • Gentle guidance : Blocks inappropriate browsing and warns users before visiting website categories that may impact their productivity.
  • Conserve bandwidth: Blocks inappropriate browsing and warns users before visiting productivity-impacting websites. Blocks site categories likely to consume high bandwidth.
  • Business only: Only allows site categories that are generally business-related.
  • Let me specify: Allows you to configure individual site categories. For each group of categories (such as Productivity-related categories) you can set the behavior to Block, Warn, Allow or Let me specify. Choosing Let me specify allows you to configure individual categories within these groups.

For more control over how policy affects websites you can use the System Settings > Website Management page.

Protect against data loss

Select Protect against data loss to configure data loss settings.

Selecting this option allows you to choose Block data sharing, Allow data sharing, or Let me specify. Setting these options controls access to web-based email and file downloads.

Log web control events

Select Log web control events to log attempts to visit blocked websites or websites for which we display a warning.

If you do not enable logging, only attempts to visit infected sites will be logged.

Control sites tagged in Website Management

You can put websites into your own custom categories ("tag" them) and then use a Web Control policy inSophos Central Admin to control sites in each category.

To set this up, do as follows.

  1. In Endpoint: Web Control, go to Website Management.
  2. Click Add.
  3. In Add Website Customization, enter a website and add a tag. You can either type in a new tag name, or select a tag you've used before (you'll see suggested tags when you start typing).

    If you exclude a domain, then we automatically exclude all of its subdomains. For example, if you exclude this also excludes or

    You don't need to use any wildcards or special characters.

  4. Click Save.

  5. Go to Endpoint Protection in Sophos Central Admin and select the policy you want to use the tag in.