Kaspersky Security can scan web addresses that are requested over the HTTP protocol by a user or application installed on a protected virtual machine. When scanning web addresses, Kaspersky Security can use databases of malicious and phishing web addresses, and information about the reputation of web resources received from Global KSN.
By default, if Web Addresses Scan is enabled, Kaspersky Security scans web addresses to check if they are malicious, phishing, or advertising web addresses. Kaspersky Security can also scan web addresses to check if they belong to the category of web addresses associated with the distribution of legitimate applications that could be exploited to harm a virtual machine or user data. You can specify which categories of web addresses must be detected by the application.
To detect advertising web addresses and web addresses associated with the distribution of legitimate applications that could be exploited to harm a virtual machine or user data, Global KSN must be used by Kaspersky Security. If Global KSN is not being used, the application does not scan web addresses to check if they belong to these web address categories.
If you are using the application in multitenancy mode, Kaspersky Security scans web addresses that are requested from virtual machines but checks them only against the databases of malicious and phishing web addresses.
If this scan is enabled and Kaspersky Security detects a web address that belongs to one or more of the selected web address categories, the application takes the action defined in the application settings, for example, blocks or allows access to the specific web address.
If Kaspersky Security blocks access to a web address that the user tries to access, the browser on the protected virtual machine displays a blocked web address notification.
You can create a list of web addresses to which Kaspersky Security will not block access regardless of the action specified in the application settings.
Kaspersky Security does not scan a web address that is requested from an IP address whose traffic is excluded from scans based on the network threat protection exclusion rules.