Inappropriate Website Control

Note: This feature is not included with all licenses. If you want to use it, you might need to customize your license. For more information, see

With this basic form of website control, you can filter the web activity of users, based on 14 website categories. There is a default action for each category (described in About website categories), but, if necessary, you can select a different action, as described in Select a website category action.

Users can be blocked from visiting restricted websites. An event is triggered that is shown to the user and sent to Enterprise Console.

Alternatively, users can be warned by means of a notification when visiting controlled websites; even if the user does not proceed, a warning event is triggered. If the user proceeds and views a site despite the warning, a second event is triggered and sent to Enterprise Console.

Note: Although HTTP and HTTPS sites are both filtered in all supported web browsers, user notifications are different, depending on whether the URL is HTTP or HTTPS. With HTTP sites, users see notification pages for sites in categories set to "Block" or "Warn." For HTTPS, users only see "Block" notifications, and they are displayed as a balloon tip in the Windows System Tray. HTTPS "Warn" actions are neither displayed to the user nor are they logged. Instead, users are allowed to continue to the requested page, and the event is logged as a "Proceed" in Enterprise Console.

If you select the "Allow" action for a website category, users can access all websites within this category, unless website exceptions are specified. "Allow" events are not logged when Inappropriate Website Control is selected.

Note: Allowed sites are still scanned and assessed by Sophos Endpoint Security and Control's live URL-filtering (Web protection) feature.