WEB protection is one of the modules of the antivirus protection arsenal that continuously analyzes the established connections and filters them.
This page describes how the antivirus WEB protection works by blocking malicious sites and URLs.
For a description and more general functioning of the antivirus, go on the page: The antivirus: use and functioning
How WeB protections work
The antivirus WEB protection is a protection module in its own right that aims to protect WEB site computers and malicious web connections.
If malicious content is detected, the threat is blocked and the WEB connection is interrupted, this interruption is important to ensure that the chain of infection is broken and the installation of the Trojan horse is possible.
The problem is especially this cut of WEB connections and the control of the WEB flow. Indeed, if the antivirus detects a connection to a Web Exploit, emits an alert but does not cut the connection, the Web Exploit can continue the installation of the Trojan.
Similarly, for a web page that blocks the WEB browser as Browlock or Phone Support Scams – PC Support. If the antivirus blocks the connection to the malicious page, the web browser can be unblocked more easily.
Clearly, your antivirus has a WEB agent or WEB protection module that analyzes the WEB pages visited:
- If a WEB site by its address is known to be blacklisted, the connection to it will be blocked and an alert will be issued. This can range from known WEB sites to host malicious content, to search engines linked to Browser Hijacker ( BrowserModifier: Win32 at Microsoft)
Example with WEB protection with Avast!
At Avast !, the detection and infection is URL: MAL for Malicious URL.
Thus, if an alert is issued by the antivirus, when visiting a WEB site, the connection to the latter is cut off.
Firefox displays the message ” The connection has been reset “, Google Chrome displays the message ” This site is unreachable “.
Threats blocked by WEB protection and notifications:
WEB protection not only checks WEB browsers connections but all processes that can connect to a WEB site.
Thus, if a Trojan is installed on the computer and the control server address (see How trojans work ), or a malicious file is trying to be downloaded, the antivirus can block the connection and issue an alert.
Here is for example the antivirus Avast! with the protection agents and WEB agents.
In general, for WEB filtering and WEB protection, you can also read this page which presents some tools: Filtering and WEB protection
Blacklist (Blacklist) VS content analysis of WEB pages
The Blacklist is a malicious address database maintained by the Antivirus Editor.
The listed addresses are known to host or distribute malware (viruses, trojans etc) .
The connection to the site will be instantly blocked.
The antivirus WEB protection also analyzes the content of the WEB pages (the source code), if a malicious script is detected, the antivirus emits an alert and blocks the connection.
This analysis works exactly like the file analysis but at the level of the WEB pages.
The detections regarding these threats are usually labeled HTML or JS – eg: Trojan.Script.Heuristic-JS
Below a detection of a malicious script HTML: Script-Inf by Avast!
For example, Microsoft can detect JS / TechBrolo on phone scam phone scam pages – PC Support.
What if your antivirus blocks a web page?
If a webpage has been blocked, your computer is not normally infected, since the malicious content has been blocked upstream.
You can check by performing a scan of the computer.
You can also perform a Malwarebytes Anti-Malware (MBAM) free version cleaning .
If a malicious Web page is blocked regularly, even the WEB browser closed, then it is possible that an adware or trojan is active on the computer.
The antivirus blocking the connections of the latter.
A disinfection of Windows is then to consider.
- Delete Adware and Disinfection PUPs – PUP.Optional / Adwares
- Disinfection and virus removal tutorial
To get personalized help, you can also create a topic on the forum: VIRUS: Delete / Disinfect (Trojan, Adware, Ransomware, Backdoor, Spywares)
Other WEB protection
I remind you that internet browsers also include modules for detecting malicious pages, as follows:
- Google Chrome and Mozilla Firefox uses Google SafeBrowsing
- SmartScreen for Microsoft Internet Browsers: Internet Explorer and Microsoft Edge .