In my last post, I described GFI WebMonitor’s filtering features. Today, I will introduce the tool’s security functions. If you want to have a chance to win a license for 500 clients worth 8,500 dollars, please refer to the end of the article.

As noted in the first post of this series, there is a Web Security edition, which can be purchased separately, or with the Web Filtering edition. The Web Security edition consists of four modules: Download Control Policies, IM Control Policies, Virus Scanning Policies, and the Anti-Phishing Engine.

Download Control Policy

Download Control identifies the file types being downloaded and lets you configure whether WebMonitor allows the download, deletes the corresponding file, or quarantines it. For instance, you can allow HTML files, but block Windows executables or JavaScript. I will say more about the quarantine feature below. There are 25 pre-defined file types, but you can also add your own. WebMonitor enables you to treat unknown attachments and all other file types separately. As with all WebMonitor policies, you can apply them only to certain users, groups, or IPs. It is possible to configure multiple policies and to configure different email addresses that will receive a notification in case of a policy violation.


IM Control Policies

The IM Control Policies enable you to block MSN and Windows Live Messenger traffic. However, this only works if you have configured Internet Explorer to use WebMonitor as its web proxy. You probably know that you can also disable Microsoft’s Messenger through Group Policy. The advantage of using WebMonitor for this purpose is that you can easily set different policies for different users, groups, and IP addresses.


Virus and spyware protection

The Virus Scanning Policies are certainly the most important part of WebMonitor’s Web Security edition. Even if you restrict downloads to non-executable file types with the Download Control Policies, malware can still find its way onto users’ desktops because the file types could have been modified.
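To make the point about modified file types concrete, here is an added example (not GFI WebMonitor code, and not a description of how WebMonitor works internally) that compares a download's claimed extension with its leading bytes and applies allow, block, or quarantine. The signature list, the policy table, and the sample downloads are assumptions constructed for illustration.

```python
# Added illustration, not GFI WebMonitor code: signatures and policy are assumptions.
from pathlib import PurePosixPath

# Well-known leading-byte signatures ("magic numbers") for a few formats.
SIGNATURES = [
    (b"MZ", "windows-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]
EXTENSIONS = {".exe": "windows-executable", ".dll": "windows-executable",
              ".pdf": "pdf", ".zip": "zip", ".png": "png",
              ".jpg": "jpeg", ".jpeg": "jpeg"}

# Hypothetical policy table: action per file type, plus a default for unknowns.
POLICY = {"windows-executable": "block", "zip": "quarantine",
          "pdf": "allow", "png": "allow", "jpeg": "allow"}
DEFAULT_ACTION = "quarantine"


def sniff_type(head: bytes) -> str:
    """Classify a download by its first bytes, ignoring the file name."""
    for magic, name in SIGNATURES:
        if head.startswith(magic):
            return name
    return "unknown"


def decide(filename: str, head: bytes) -> dict:
    """Return the policy action for a download and flag disguised types."""
    claimed = EXTENSIONS.get(PurePosixPath(filename).suffix.lower(), "unknown")
    detected = sniff_type(head)
    mismatch = detected != "unknown" and detected != claimed
    # Content wins over the name; fall back to the name if content is unknown.
    effective = detected if detected != "unknown" else claimed
    action = POLICY.get(effective, DEFAULT_ACTION)
    if mismatch and action == "allow":
        action = "quarantine"  # an allowed type under a wrong name is suspect
    return {"claimed": claimed, "detected": detected,
            "mismatch": mismatch, "action": action}


if __name__ == "__main__":
    # Constructed sample downloads: (file name, first bytes of the body).
    samples = [("holiday.jpg", b"MZ\x90\x00\x03"), ("report.pdf", b"%PDF-1.4\n"),
               ("logo.png", b"%PDF-1.7\n"), ("notes.dat", b"plain text")]
    for name, head in samples:
        print(name, decide(name, head))
```

A leading-byte check like this only catches simple renaming, which is why scanning the content itself remains necessary.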

WebMonitor supports three scanning engines from well-known anti-virus software vendors: BitDefender, Kaspersky, and Norman. Only Norman and BitDefender are included as standard, while Kaspersky is an optional add-on that has to be purchased separately. (Note that the winner of the 4sysops contest will get a license key that includes the Kaspersky scanning engine.)

All three scanning engines can run simultaneously, which gives you much better protection than using just one anti-virus product. Usually, anti-malware vendors are able to detect the majority of old viruses, but the real danger stems from new viruses that have not yet been analyzed. Using multiple scanning engines increases the likelihood that one of the vendors already has the signatures to protect your network from the latest threats. Of course, there is no problem using another on-demand scanning engine on your desktop; it would only add another line of defense.

You can separately configure the time interval at which WebMonitor checks for new anti-virus updates, and the administrator can be informed whenever the virus signatures have been successfully updated.


Anti-Phishing Engine

Since GFI is a well-known vendor of anti-phishing solutions, WebMonitor is delivered with its own anti-phishing engine. The number of phishing sites is increasing steadily and their methods are becoming more and more sophisticated. A successful phishing attack can cause more damage to your organization than a virus that just cripples some of your PCs. Just imagine what happens if the bad guys get access to one of your company’s bank accounts. Thus, anti-phishing software has become essential for corporate networks. Whenever a user tries to open a phishing site, WebMonitor can block access and inform the user with a notification page. It is also possible to inform an administrator by email.


Quarantine

Any security software will cause false positives, i.e. cases when blocking access to a service is unjustified. To help you manage such cases, WebMonitor comes with a quarantine feature. Potentially harmful files or URLs are stored in a protected location. Since users are notified when a WebMonitor policy has been breached, they can contact an administrator if they think it was unjustified. WebMonitor quarantines potentially harmful items that were detected by the Download Control Policies, the Web Filtering Policies, and the Virus Scanning Policies. This means that you have just one quarantine folder for both WebMonitor editions, which simplifies the handling of false positives if web security and web filtering are managed with one product. You can display items that have been quarantined by “today”, “yesterday”, “this week”, or “all items”. Approved items will be transferred to the Temporary Whitelist, which allows the user to access the corresponding item.


If you’d like to have the chance to win a GFI WebMonitor license for 500 clients worth 8,500 US dollars, please send an email to

contests-at-4sysops-com

with the subject line,

GFI WebMonitor.

Please give your full name and the name of your organization. The deadline for entering this contest is February 25, 2010.
