|Configuring policies / Anti-virus and HIPS policy|
Web protection provides enhanced protection against web threats. It includes the following features:
Live URL filtering blocks access to websites that are known to host malware. This feature works by performing a real-time lookup against Sophos's online database of infected websites.
Content scanning scans data and files downloaded from the internet (or intranet) and proactively detects malicious content. This feature scans content hosted at any location, including locations not listed in the database of infected websites.
Download reputation is calculated based on the file's age, source, prevalence, deep content analysis and other characteristics.
By default, an alert will be displayed when you attempt to download a file with low or unknown reputation. We recommend that you do not download such files. If you trust the file's source and publisher, you can choose to download the file. Your action and the file's URL will be recorded in the scanning log.
For more information about download reputation, see knowledgebase article 121319.
By default, web protection is enabled: access to malicious websites is blocked, downloaded content is scanned and the reputation of downloaded files is checked.
For more information about the web protection settings and how to change them, see Configure web protection options.
Web protection is supported on the following web browsers:
Web content accessed via an unsupported browser is not filtered and will not be blocked.
When access to a malicious website is blocked, an event is logged that can be viewed in the Web Event Viewer and in the Computer details of the endpoint computer where the event occurred. If you use the Web Control feature, both web protection and web control events are displayed in the Web Event Viewer and Computer details. See View web events and View latest web events on a computer.