Configure web protection options

If you use role-based administration:

You must have the Policy setting - anti-virus and HIPS right to perform this task.
You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

To turn web protection on or off:

Check which anti-virus and HIPS policy is used by the group or groups of computers you want to configure.
See Check which policies a group uses.
In the Policies pane, double-click Anti-virus and HIPS.
Double-click the policy you want to change.
In the Anti-virus and HIPS policy dialog box, click the Web Protection button.
In the Web Protection dialog box, under Malware protection, next to Block access to malicious websites, select On or Off to block or unblock access to malicious websites. This option is enabled by default.
For information on how to authorize specific websites, see Authorize websites.
To enable or disable scanning of downloaded data and files, next to Content scanning, select As on-access scanning, On, or Off.
By default, As on-access scanning is selected, that is, content scanning is disabled or enabled simultaneously with on-access scanning.
To change what happens when a user attempts to download a file with low or unknown reputation, under Download reputation, next to Action, select either Prompt user (default) or Log only.

Note: Download reputation requires Sophos Live Protection to be enabled. (By default, Sophos Live Protection is enabled.)
- If you select Prompt user, every time a user attempts to download a low reputation file, an alert will be displayed, informing about this and asking whether to block or allow the download. We recommend that users do not download such files. If they trust the file's source and publisher, they can choose to download the file. The choice to block or allow the download and the file's URL will be recorded in the scanning log and logged as a web event in Enterprise Console.
- If you select Log only, no alert will be displayed; the download will be allowed and recorded in the scanning log and logged as a web event in Enterprise Console.
To choose how rigorous you want reputation scanning to be, next to Threshold, select Recommended (default) or Strict.
- If you select Recommended, an alert will be displayed and/or a log record and event created every time a user attempts to download a file with low or unknown reputation.
- If you select Strict, an alert will be displayed and/or a log record and event created every time a user attempts to download a file with low, unknown, or medium reputation.