Authorize websites

If you use role-based administration:

  • You must have the Policy setting - anti-virus and HIPS right to perform this task.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

If you want to authorize a website that Sophos has classified as malicious, you can add it to the list of authorized sites. Authorizing a website will prevent URLs from that website being verified with Sophos's online web filtering service.

CAUTION Authorizing a website that Sophos has classified as malicious could expose your users to threats. Make sure that it is safe to visit the website before you authorize it.

To authorize a website:

  1. Check which anti-virus and HIPS policy is used by the group(s) of computers you want to configure.
  2. In the Policies pane, double-click Anti-virus and HIPS.
  3. Double-click the policy you want to change.
    The Anti-Virus and HIPS Policy dialog box is displayed.
  4. Click Authorization.
    The Authorization Manager dialog box is displayed.
  5. On the Websites tab, click Add.
    • To edit a website entry, select it in the Authorized websites list, and then click Edit.
    • To delete a website entry, select it in the Authorized websites list, and then click Remove.
The website appears in the Authorized websites list.


  • If you have download scanning enabled and your users visit a website that contains a threat, access to the site will be blocked even if it is listed as an authorized website.
  • If you use the web control feature, when you authorize a website that is blocked by your Web control policy, the website will still be blocked. To allow access to the website, you will need to exempt it from web control filtering as well as authorize in the anti-virus and HIPS policy. For more information about web control, see Web control policy.