pcubed 0 Posted October 29, 2020 Share Posted October 29, 2020 Hi folks, I am a member of an organization that currently has ESET Endpoint Antivirus deployed on over 50 machines. I was thinking of changing to Endpoint Security in order to benefit from the "Web Control" feature to filter web pages based on their content. My question is: what is the mechanism used to categorize the sites? Does ESET keep a huge master list of sites organized by theme (VPN, Adult, etc)? Or is it dynamic? Also, does it work in several languages or only for sites in certain languages? Thank you in advance for any help. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,838 Posted October 29, 2020 Administrators Share Posted October 29, 2020 We leverage a database provided by a url categorization provider. It's language independent. Link to comment Share on other sites More sharing options...
pcubed 0 Posted October 29, 2020 Author Share Posted October 29, 2020 3 hours ago, Marcos said: We leverage a database provided by a url categorization provider. It's language independent. Thank you for your quick response, Marcos. However, does that mean that all of our computer's web traffic history will be sent to the cloud? Or is there an offline copy downloaded to the PC? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,838 Posted October 29, 2020 Administrators Share Posted October 29, 2020 ESET products query ESET's DNS servers to get website categorization. Link to comment Share on other sites More sharing options...
pcubed 0 Posted October 29, 2020 Author Share Posted October 29, 2020 1 hour ago, Marcos said: ESET products query ESET's DNS servers to get website categorization. Thank you for the explanation. However, if I understand the DNS protocol correctly, this kind of the information isn't accounted for in the response structure. So, do you mean DNS in a large sense of the word? In which case, does that mean the entire URL is sent to ESET's servers or just the the domain name? Please excuse me for insisting but for privacy purposes it's important to know. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,838 Posted October 29, 2020 Administrators Share Posted October 29, 2020 The communication looks like as follows: 25 13.018236 10.0.2.15 10.1.96.106 DNS 182 Standard query 0xfff8 TXT omkcuaacaakaiaaaahka3nosaqaabjp4bubo7pj3cnsfednvahmq3ni3aaaaayy.5ih7acaawaajqb4xgzve2mkntubnwkjwfllru6hv2boiuoai.a.j.e5.sk 26 13.024351 10.1.96.106 10.0.2.15 DNS 375 Standard query response 0xfff8 TXT omkcuaacaakaiaaaahka3nosaqaabjp4bubo7pj3cnsfednvahmq3ni3aaaaayy.5ih7acaawaajqb4xgzve2mkntubnwkjwfllru6hv2boiuoai.a.j.e5.sk TXT Link to comment Share on other sites More sharing options...
ESET Staff Posolsvetla 15 Posted October 30, 2020 ESET Staff Share Posted October 30, 2020 In most cases only domain is sent, but the whole URL can be sent as well. The URL part after ? or # is not sent. Currently the URL can be quite easily read from the request, however these days we are in the process of releasing a new functionality for the encryption of these requests. The process should be finished in November if no blocking issues emerge. The URLs are not kept at our servers at all. Peter Randziak 1 Link to comment Share on other sites More sharing options...
Recommended Posts