Web Shield - Settings

This screen allows you to set the main parameters for Web Shield.

• Web scanning: scans all content on websites you visit while browsing the web.
  • Warn when downloading files with poor reputation: sends an alert message when a file with a bad rating or no rating at all based on reputation services is being downloaded. We recommend that only novice users tick this option.
  • Scan traffic from well-known browser processes only: resolves conflicts with less known browsers and other web applications that you trust if they are blocked by the Shield while trying to access the internet. By ticking this option, data traffic from these less known web applications is authorized and is not scanned for malware by the Shield.
  Additional options can be configured in the Web scanning section.
• HTTPS scanning: scans websites with encrypted connections. If disabled, only websites with unsecured connections are scanned.
• Use intelligent stream scanning: scans files continuously while they are being downloaded. If you untick this box, the whole file is downloaded to a temporary folder, then scanned.
• Do not scan trusted sites: excludes websites with valid SSL certificates from scanning.
• Block malware URLs: blocks untrusted websites based on a database of known malware URLs.
• Script scanning: blocks malicious scripts from the web and other sources, including encrypted transfers via HTTPS connections. Additional options can be configured in the Script scanning section.

All settings are enabled by default, except the subsettings for Web Scanning.

The Web scanning screen allows you to specify which type of content Web Shield scans. The following options apply if Web scanning is enabled in Main settings.

• Scan all files: scans all downloaded files. This option is selected by default.
• Scan selected file types only: only scans files with certain extensions or MIME-types that you specify. If selected, tick the relevant option, then type the file extension into the text box. To add another extension to the list, click Add. To remove an extension, click the relevant row, then click Delete.
• Do not unpack archives with valid digital signatures: excludes trusted archive files from verified publishers from being scanned.

Note: File extensions can include wildcard characters * or ?. The asterisk replaces zero or more characters, whereas the question mark replaces a single character. For example:

• To scan all HTML file types, type htm* into the text box.
• To scan all file types with two characters in a file extension, type ?? into the text box.

The Exclusions screen allows you to specify URL addresses, MIME-type extensions, or processes that you want Web Shield to ignore. To add a new item, tick the relevant option, then type the URL, extension, or file location into the text box. To add a process, click Browse, select a file (.exe), then click OK.

To add another item to the list, click Add. To remove an item, click the relevant row, then click Delete.

URLs, extensions, and file locations can include wildcard characters ? and *. The asterisk replaces zero or more characters, and the question mark replaces a single character. For example:

• To block all subdomains and domains of a particular website, add *. to the beginning and /* to the end of the website domain, for instance *.example.com/* .
• To exclude all HTML file types, type *.htm* into the text box.

Note: Exclusions that you specify on this screen only apply to Web Shield and do not affect any other scans or Shields. If you want to exclude a location from all Avast Antivirus scans, go to Settings ▸ General ▸ Exclusions to specify the location.

The Actions screen allows you to configure automatic responses to any online threats detected by Web Shield.

Select a detection type (Virus, PUP or Suspicious), then select an action:

• Abort connection (default): terminates your connection with the applicable website as soon as a potential threat is detected.
• Ask: gives you the option to terminate the connection with the applicable website or remain connected when a potential threat is detected. Remaining connected may be risky.

Tick Show a notification window when action is taken to be notified of all actions (ticked by default).

Note: You can specify different actions for each detection type (Virus, PUP or Suspicious).

The Packers screen allows you to indicate the compressed file types that you want Web Shield to unpack when checking for malware. For example, .zip, and .rar. The Shield is better able to analyze files for malware when files are unpacked. To unpack a file is the same as to extract a file from an archive. Original archives, including the files contained within, remain intact when being processed by the Shield.

By default, All packers are ticked.

Note: For more information about a specific file type, tick the file type and refer to the information under Packer description at the bottom of the screen.

The Sensitivity screen allows you to define the following settings for Web Shield:

• Heuristics: heuristics enable Avast to detect unknown malware by analyzing code for commands which may indicate malicious intent. Specify your preferences for the following options:
  • Use the orange bars to indicate your preferred level of heuristic sensitivity. The default setting is Normal (three bars). With higher sensitivity, Avast is more likely to detect malware, but also more likely to make false-positive detections (incorrectly identify files as malware).
  • Tick Use Code Emulation to unpack and test any suspected malware in an emulated environment where the file cannot cause damage to your PC. This option is ticked by default.
• Sensitivity: tick Test whole files if you want the scan to analyze entire files rather than only the parts typically affected by malicious code. When this option is ticked, the scan is slower but more thorough.
• PUP and suspicious files: tick Scan for potentially unwanted programs (PUPs) if you want the scan to look for programs that are stealthily downloaded with other programs and typically perform unwanted activity.

Note: The more options you tick and the higher the sensitivity you set, the more thoroughly the Shield scans your PC. With higher sensitivity, false-positive detections are more likely and more resources are consumed on your PC.

The Site blocking screen allows you to block access to specific websites. This can be useful if you want to prevent children or other users from accessing certain content on the web. To block a website:

1. Tick the box next to Enable site blocking.
2. Type the URL address of the website you want to block into the text box.
3. Click OK.

To add another URL to the list, click Add. To remove a URL, click the relevant row, then click Delete.

URLs can include wildcard characters * or ?. The asterisk replaces zero or more characters, whereas the question mark replaces a single character. For example:

• To block all subdomains and domains of a particular website, add *. to the beginning and /* to the end of the website domain, type *.example.com/* into the text box.
• To block any website containg triple "x" anywhere in the URL, type *xxx* into the text box.
• To block all html pages with the filename containing a single character in domain of a particular website, type example.com/?.html into the text box.

Script scanning prevents browsers and other applications from running potentially malicious scripts. This includes remote threats from the web and outside sources, local threats downloaded to your hard drive or in the browser cache, and scripts that come from encrypted connections.

This screen allows you to select which browsers are scanned, including other applications which use Windows Script Host (WSH) to run their own scripts. All options are ticked by default to ensure your full security. These options apply if Script scanning is enabled in Main settings.

The Script exclusions screen allows you to exclude specific web addresses from script scanning, so you can access all content on those websites.

To exclude a website from script scanning, follow these steps:

1. Tick the box next to URLs to exclude.
2. Type the URL address of the website you want to exclude into the text box.
3. Click OK.

To add another URL to the list, click Add. To remove a URL, click the relevant row, then click Delete.

Note: Use exclusions only if you are sure the website you want to exclude from scanning is safe.

The Report file screen allows you to specify whether you want Web Shield to produce reports of scan results. When troubleshooting issues with Avast Support representatives, you may be requested to provide a report file.

To generate automatic scan reports, follow these steps:

1. Tick Generate report file. This option is ticked by default.
2. Manage the following settings:
   • File name: provide a name for the report file.
   • File type: select the format of the report file - plain text ANSI, plain text Unicode, or XML.
   • If file exists: select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report.
3. Define the contents of the report:
   • Infected items: files and areas of the scanned environment which are identified as containing malware. This option is ticked by default.
   • Hard errors: unexpected errors which require further investigation. This option is ticked by default.
   • Soft errors: minor errors such as a file being unable to be scanned because it was in use.
   • OK items: files and areas which were identified as being clean. Ticking this option results in very long reports.
   • Skipped items: files and areas which the Shield did not check because of the scan settings.
4. Click OK.

Report files are saved in one of the following locations:

• Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista: C:\ProgramData\Avast Software\Avast\report
• Windows XP: C:\Documents and Settings\All Users\Application Data\Avast Software\Avast\report