Sources of Web Control categories in Endpoint Security


Hi folks,

I am a member of an organization that currently has ESET Endpoint Antivirus deployed on over 50 machines. I was thinking of changing to Endpoint Security in order to benefit from the "Web Control" feature to filter web pages based on their content. My question is: what is the mechanism used to categorize the sites? Does ESET keep a huge master list of sites organized by theme (VPN, Adult, etc.)? Or is it dynamic? Also, does it work in several languages or only for sites in certain languages?

Thank you in advance for any help.

3 hours ago, Marcos said:

We leverage a database provided by a url categorization provider. It's language independent.

Thank you for your quick response, Marcos. However, does that mean that all of our computers' web traffic history will be sent to the cloud? Or is there an offline copy downloaded to the PC?

1 hour ago, Marcos said:

ESET products query ESET's DNS servers to get website categorization.

Thank you for the explanation. However, if I understand the DNS protocol correctly, this kind of information isn't accounted for in the response structure. So, do you mean DNS in a large sense of the word? In which case, does that mean the entire URL is sent to ESET's servers or just the domain name? Please excuse me for insisting, but for privacy purposes it's important to know.

  • Administrators

The communication looks as follows:

25    13.018236    10.0.2.15    10.1.96.106    DNS    182    Standard query 0xfff8 TXT omkcuaacaakaiaaaahka3nosaqaabjp4bubo7pj3cnsfednvahmq3ni3aaaaayy.5ih7acaawaajqb4xgzve2mkntubnwkjwfllru6hv2boiuoai.a.j.e5.sk

26    13.024351    10.1.96.106    10.0.2.15    DNS    375    Standard query response 0xfff8 TXT omkcuaacaakaiaaaahka3nosaqaabjp4bubo7pj3cnsfednvahmq3ni3aaaaayy.5ih7acaawaajqb4xgzve2mkntubnwkjwfllru6hv2boiuoai.a.j.e5.sk TXT

 

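The capture lines in the post above can be summarized programmatically when auditing what each categorization lookup puts on the wire. This is an added example, not part of the original thread and not ESET's code; the function names and the use of `e5.sk` (the domain visible in the capture) as the zone to filter on are assumptions.

```python
import re

# The two capture lines exactly as posted above (Wireshark packet-list text).
CAPTURE = """\
25    13.018236    10.0.2.15    10.1.96.106    DNS    182    Standard query 0xfff8 TXT omkcuaacaakaiaaaahka3nosaqaabjp4bubo7pj3cnsfednvahmq3ni3aaaaayy.5ih7acaawaajqb4xgzve2mkntubnwkjwfllru6hv2boiuoai.a.j.e5.sk
26    13.024351    10.1.96.106    10.0.2.15    DNS    375    Standard query response 0xfff8 TXT omkcuaacaakaiaaaahka3nosaqaabjp4bubo7pj3cnsfednvahmq3ni3aaaaayy.5ih7acaawaajqb4xgzve2mkntubnwkjwfllru6hv2boiuoai.a.j.e5.sk TXT
"""

# Columns: No., Time, Source, Destination, Protocol, Length, Info
LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+DNS\s+"
    r"(?P<length>\d+)\s+Standard query (?P<resp>response )?(?P<txid>0x[0-9a-f]+)\s+"
    r"(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)"
)

def parse_capture(text):
    """Return one dict per DNS line that matches the packet-list layout."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            rec = m.groupdict()
            rec["is_response"] = rec.pop("resp") is not None
            rec["time"], rec["length"] = float(rec["time"]), int(rec["length"])
            records.append(rec)
    return records

def summarize_lookups(records, zone="e5.sk"):  # zone: assumption taken from the capture
    """Pair each query under `zone` with its response and report what left the host."""
    pending, lookups = {}, []
    for rec in records:
        name = rec["qname"].lower().rstrip(".")
        if not name.endswith("." + zone):
            continue
        key = (rec["txid"], name)
        if not rec["is_response"]:
            pending[key] = rec
        elif key in pending:
            q = pending.pop(key)
            labels = name[: -len(zone) - 1].split(".")
            lookups.append({
                "client": q["src"], "resolver": q["dst"], "qtype": q["qtype"],
                "label_lengths": [len(label) for label in labels],
                "query_bytes": q["length"], "response_bytes": rec["length"],
                "rtt_ms": round((rec["time"] - q["time"]) * 1000, 3),
            })
    return lookups

if __name__ == "__main__":
    for lookup in summarize_lookups(parse_capture(CAPTURE)):
        print(lookup)
```

The first label of the query name is 63 characters, the maximum DNS allows for a single label, so the encoded payload is split across labels in front of the zone.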
  • ESET Staff

In most cases only the domain is sent, but the whole URL can be sent as well. The URL part after ? or # is not sent.

Currently the URL can be quite easily read from the request; however, these days we are in the process of releasing new functionality for the encryption of these requests. The process should be finished in November if no blocking issues emerge.

The URLs are not kept at our servers at all.
