Web Control

Question 1

Give a high level description of the Web Control module.

Answer 1

Web Control is a Browser Protection solution that monitors web searching and browsing activity on client computers, and protects against threats on web pages and in file downloads

Question 2

What are the “Protect” Features of Web Control?

Answer 2

Block and Allow List - Prevent users from visiting specific URLs or domains, or always allow access to sites that are important to your business

Rating Actions and Web Category Blocking - Use safety ratings and web categories defined by McAfee to control user access to sites, pages, and downloads

Secure Search - Automatically block risky sites from appearing in search results based on their safety rating

Self Protection - Prevents users from disabling the Web Control plug-in or uninstalling or changing Web Control files, registry keys, registry values, services, and processes

Question 3

What are the “Detect” features of Web Control?

Answer 3

• Web Control button in the browser window - The Web Control plug-in displays a button indicating the safety rating for the site. Click the button for more information about the site.
• Web Control icon on search results pages - An icon appears next to each listed site. The color of the icon indicates the safety rating for the site. Hover over the icon for more information about the site.
• Site Reports - Details show how the safety rating was calculated based on types of threats detected, test results, and other data.
• Dashboards and monitors - Display statistics about Web Control activity, including visits and downloads from sites by rating, content type, and blocked or allowed list.
• Queries and Reports - retrieve detailed information about Web Control browser events, and save it in reports

Question 4

What are the “Correct” features of Web Control?

Answer 4

Interlock with other McAfee products - Disable Web Control automatically if it detects a web gateway appliance or if McAfee Client Proxy

File scanning for file downloads - Web control sends files to Threat Prevention for scanning. If it detects a threat, Threat Prevention responds with the configured action such as clean, and alerts the user

Dashboard and monitors - Monitor activity to understand browsing activity, then use that information to tune Web Control settings

Exclusions - Prevent Web Control from rating or blocking specific IP addresses

Question 5

Where does Web Control get the reputation information to determine how to handle navigation to URLs

Answer 5

GTI

Question 6

What browsers does Web Control support?

Answer 6

• Internet Explorer 11
• Chrome
• Firefox
• Firefox ESR
• Safari

(Doesn’t support Microsoft Edge)

Question 7

What are the different color coded buttons and what do they signify?

Answer 7

Green Secure - Site is tested daily and certified safe by McAfee Secure

Green -This site is safe.

Yellow - This site might have some issues.

Red - This site has some serious issues.

Grey - No rating is available for this site.
This button appears for FILE (file://) protocol URLs.

Orange - A communication error occurred with the McAfee GTI server that
contains rating information.

Blue - Web Control didn’t query McAfee GTI for this site, which indicates that the site is internal or in a private IP address range.

Black - This site is a phishing site

White - A setting allows this site

Gray translucent - A setting disabled web control

Question 8

What do search result icons signify?

Answer 8

Check mark - Tests revealed no significant problems

Exclamation Point - Tests revealed some issues that users might need to know about. For example, the site tried to change the testers’ browser defaults, displayed pop-ups, or sent testers a significant amount of non-spam email.

Red X - Tests revealed some serious issues that users must consider carefully before accessing this site. For
example, the site sent testers spam email or bundled adware with a download.

Caution Symbol - A Web Control setting blocked this site.

Question Mark - This site is unrated.

Question 9

What feature in Web control allows you to view more details about a site?

Answer 9

Site report

Question 10

What details do site reports reveal?

Answer 10

An Overview of a website

Online Affiliations

Web Spam Test

Download Test

Question 11

What can Web Control set rating actions for?

Answer 11

Sites and downloads for a site

Can either set to block or warn

Warn - Displays a warning to notify users of potential dangers associated with the site

Block - Web Control displays a message that the site is blocked and prevents the download

Question 12

How does Web Control work with Client Proxy?

Answer 12

If the ‘Disable if McAfee Client Proxy is detected’ option is selected, Web Control will be disabled if Client Proxy is redirecting

-When the client system is outside the internal network, Web Control is disabled and Client Proxy redirects
network traffic.

-When the client system moves from outside to inside the internal network, Client Proxy stops redirecting
and Web Control is reenabled.

Question 13

How does Web Control work with a Web Gateway?

Answer 13

By configuring the ‘Use your organization’s default gateway’, ‘Detect web gateway enforcement’, or ‘Specify internal landmark to use’ settings, you can defer the enforcement of network traffic from web control to your web gateway

Question 14

How does the McAfee Team compile safety ratings for a site?

Answer 14

Automated tests compile safety ratings for a website by:
• Downloading files to check for viruses and potentially unwanted programs bundled with the download.
• Entering contact information into sign-up forms and checking for resulting spam or a high volume of
non-spam email sent by the site or its affiliates.
• Checking for excessive pop-up windows.
• Checking for attempts by the site to exploit browser vulnerabilities.
• Checking for deceptive or fraudulent practices employed by a site.

The team compiles test results into a safety report that can also include:
• Feedback submitted by site owners, which might include descriptions of safety precautions used by the site
or responses to user feedback about the site.
• Feedback submitted by site users, which might include reports of phishing scams or bad shopping
experiences.
• More analysis by McAfee experts.

Question 15

How does Web Control handle file downloads?

Answer 15

Web Control checks the rating for the URL, then it performs a file reputation lookup on the file, and then assuming both of these check out, then the file is sent to Threat Prevention to be scanned. If the scan is clean, the file will be downloaded. Otherwise, it will be blocked

Question 16

What information does Web Control send back to ePO?

Answer 16

• Type of event initiated by the managed system (site visit or download)
• Unique ID assigned to the managed system
• Time
• Domain
• URL
• Web Control rating for the event’s site
• Whether the event’s site or site resource is on the Block and Allow List
• Reason for action (allow, warn, or block) taken by the software
• Observe mode status (on or off)

Question 17

How can users potentially circumvent policy settings for Web Control and hide their browsing behavior?

Answer 17

• Creating an application that browses the web.
• Creating a frame page to load websites in a frame.
• Disabling the plug-in from the Choose Add-ons pop-up window that Internet Explorer displays after
Web Control is installed.
• Disabling Web Control in Chrome or Firefox by managing add-ons or extensions in the browser.

Question 18

Is it safe to use Web Control as my only source of security against web-based threats?

Answer 18

No. Web Control tests many threats, and constantly adds new threats to its testing criteria, but it can’t
test for all threats. Users must continue to use traditional security defenses, such as virus and spyware
protection, intrusion prevention, and network access control.

Question 19

You think that certain users may be attempting to circumvent web control policy settings. How can you check to see if this is true?

Answer 19

Use queries that track browsing behavior and usage. Queries alert you when managed systems show
no browsing data or less browsing data than expected.

Check the compliance status of the client software using the Endpoint Security Web Control:
Compliance Status query. This query indicates when the software is disabled.

By setting up monitors that use the applicable queries, or frequently checking reports generated by
queries, you know when users circumvent policy settings. You can then take immediate steps to ensure
compliance.

Question 20

If Internet Explorer is the only browser installed on a managed system when Web Control is deployed,
must I redeploy the software after installing Firefox or Chrome?

Answer 20

No. Web Control detects both Firefox and Chrome when they are installed and immediately begins to
protect searching and browsing activities in that browser, while continuing to protect Internet Explorer.

Question 21

What are the recommended guidelines for creating a strategy?

Answer 21

1 Enable Observe mode and deploy the client software.
2 Evaluate browsing traffic and usage patterns (Reports).
3 Create policies.
4 Test and evaluate settings (Observe mode).
5 Ensure compliance, productivity, and security with frequent monitoring.

Question 22

What should you consider before configuring policies to make sure you configure web control in the way that is best for your organization?

Answer 22

• Assess the security concerns and vulnerabilities that apply to your business.
• Carefully consider any domains and sites that must be accessible to your managed systems and any sites to
block.
• Decide which network browsing activities to monitor.
• Determine your most effective and efficient forms of monitoring.

Question 23

What do the block and allows lists do?

Answer 23

• Allow indicates that users can always access the site, regardless of safety rating or content type.
• Block indicates that users can never access the site.
By default, if the same site appears as both blocked and allowed, the block action takes precedence. You can
configure a policy option for allowed sites to take priority.

Question 24

What is the function of site patterns?

Answer 24

The Block and Allow List policies use site patterns to specify a range of sites that are allowed or blocked. With
site patterns, you can allow or block a domain or a range of similar sites without entering each URL separately.

Question 25

How can Web Control use safety ratings to control access?

Answer 25

In the Content Actions settings, specify whether to allow, warn, or block sites and file downloads, based on the
safety rating.

Question 26

How can Web Control use web categories to control access?

Answer 26

McAfee defines categories for the types of content on websites. You can allow or block access to sites based on these categories.When you enable web category blocking in the Content Actions settings, the software blocks or allows categories of websites.

Question 27

What are the Web Control Policies categories?

Answer 27

Block and Allow List
Browser Control
Content Actions
Enforcement Messaging
Options

Question 28

What does Secure Search do?

Answer 28

Automatically filters the malicious sites in the search result based on their safety rating