carmik 0 Posted September 19, 2022 Share Posted September 19, 2022 On our Endpoint Security 9.1 clients we wish to have all outbound web traffic blocked by default, with only certain URLs/groups allows. How can I implement a default block-all rule in web control? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,909 Posted September 19, 2022 Administrators Share Posted September 19, 2022 You could create a url-based rule to block everything (*) and then put permissive category-based rules above it. However, remember that parts of websites may be loaded from CDNs or other sites. Also the operating system itself may try to download files from servers not whitelisted by the permissive rules. Link to comment Share on other sites More sharing options...
carmik 0 Posted September 19, 2022 Author Share Posted September 19, 2022 1 hour ago, Marcos said: You could create a url-based rule to block everything (*) ... Can't make this step happen, that's the problem. I've created a single rule (which is a block-all one) like this one: ΅What am I missing? Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 4,909 Posted September 19, 2022 Administrators Solution Share Posted September 19, 2022 I was wrong. However, I've tried this and it worked: 1, Create a permissive category-based rule with categories you want to allow 2, Create a blocking category-based rule with a group containing all categories Link to comment Share on other sites More sharing options...
carmik 0 Posted September 19, 2022 Author Share Posted September 19, 2022 Yes, this might work thanks. Link to comment Share on other sites More sharing options...
carmik 0 Posted September 20, 2022 Author Share Posted September 20, 2022 Just got time to re-visit this. Before going on I've stumbled into a passage of text in https://help.eset.com/ees/9/en-US/idh_page_setting_parental.html stating that: [quote]In case you want to block all webpages and leave only certain available, use URL address management.[/quote] The answer is in https://help.eset.com/ees/9/en-US/idh_config_epfw_scan_http_address_list.html and I must say this is an elegant one (but rather hidden in an obscure place). Will try it and get back. Link to comment Share on other sites More sharing options...
carmik 0 Posted September 20, 2022 Author Share Posted September 20, 2022 (edited) Yep, that did the trick! EDIT: Come to think of it, this a solution to a different problem. Ie having a block all web policy and nothing else (either no allow pages or a very small number). @Marcos's response is more on par with the OP problem. EDIT2: Approach seems to be blocking windows upates. Dang! Edited September 20, 2022 by carmik Link to comment Share on other sites More sharing options...
carmik 0 Posted September 20, 2022 Author Share Posted September 20, 2022 Under which category in web control do windows updates fall? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,909 Posted September 20, 2022 Administrators Share Posted September 20, 2022 11 minutes ago, carmik said: Under which category in web control do windows updates fall? *.microsoft.com falls under these categories: Productivity Business Software Windows I assume you should be able to create a url-based permissive rule allowing "microsoft.com" (without wildcards) and put it above the blocking rule. Link to comment Share on other sites More sharing options...
Recommended Posts