Skip to main content

Content Control

The Content Control settings are organized into the following sections:

Note

The Content Control module is available for:

  • Windows for workstations

  • Windows for servers

  • macOS

Important

On macOS endpoints, Content Control relies on a system extension. Installing the Bitdefender extension requires your approval on macOS High Sierra (10.13) and later. The system notifies the user that a system extension from Bitdefender was blocked. You can allow it from Security & Privacy preferences. Until the user approves the Bitdefender system extension, this module will not work and the Bitdefender Endpoint Security Tools user interface will show a critical issue prompting for approval.

To eliminate user intervention, you can pre-approve the Bitdefender extension by whitelisting it using a Mobile Device Management tool. For details about Bitdefender extensions, refer to Bitdefender system extension blocked in macOS .

Web Access Control

Web Access Control enables you to allow or block web access for users or applications during specified time intervals.

The web pages blocked by Web Access Control are not displayed in the browser. Instead, a default web page is displayed informing the user that the requested web page has been blocked by Web Access Control.

content_control_on_prem.png

Use the switch to turn Web Access Control on or off.

You have three configuration options:

  • Select Allow to always grant web access.

  • Select Block to always deny web access.

  • Select Schedule to enable time restrictions on web access based on a detailed schedule.

Whether you choose to allow or block the web access, you can define exceptions to these actions for entire web categories or only for specific web addresses.

Click Settings to configure your web access schedule and exceptions as follows:

  • Scheduler

    To restrict the Internet access to certain times of the day on a weekly basis:

    1. Select from the grid the time intervals during which you want Internet access to be blocked.

      You can click individual cells, or you can click and drag to cover longer periods. Click again in the cell to reverse the selection.

      To start a new selection, click Allow all or Block all, depending on the type of restriction you wish to implement.

    2. Click Save.

    Note

    Bitdefender security agent will perform updates every hour, no matter if web access is blocked.

  • Categories

    Web Categories Filter dynamically filters access to websites based on their content. You can use the Web Categories Filter for defining exceptions to the selected Web Access Control action (Allow or Block) for entire web categories (such as Games, Mature Content or Online Networks).

    To configure Web Categories Filter:

    1. Enable Web Categories Filter.

    2. For a quick configuration, click one of the predefined profiles (Aggressive, Normal or Permissive). Use the description on the right side of the scale to guide your choice. You can view the predefined actions for available web categories by expanding the Web Rules section placed below.

    3. If you are not satisfied with the default settings, you can define a custom filter:

      1. Select Custom.

      2. Click Web Rules to expand the corresponding section.

      3. Find the category that you want in the list and choose the desired action from the menu. For more information about the available website categories, refer to Web Categories in GravityZone Content Control.

    4. Select the option Treat Web Categories as exceptions for Web Access if you want to ignore the existing Web access settings and apply only the Web Categories Filter.

    5. The default message displayed to the user accessing restricted websites contains also the category that the website's content has matched. Deselect the option Show detailed alerts on client if you want to hide this information from the user.

      Note

      This option is not available for macOS.

    6. Click Save.

    Note

    • The Allow permission for specific web categories is also taken into account during time intervals when web access is blocked by Web Access Control.

    • The Allow permissions work only when web access is blocked by Web Access Control, while the Block permissions work only when web access is allowed by Web Access Control.

    • You can override the category permission for individual web addresses by adding them with opposite permission in Web Access Control > Settings > Exclusions. For example, if a web address is blocked by Web Categories Filter, add a web rule for that address with permission set to Allow.

  • Exclusions

    You can also define web rules to explicitly block or allow certain web addresses, overriding the existing Web Access Control settings. Users will be able, for example, to access a specific webpage also when the web browsing is blocked by Web Access Control.

    Note

    Exclusions configured in this section only work if the Web Categories Filter option in the Categories section is enabled.

    To create a web rule:

    1. Enable the Use Exceptions option.

    2. Enter the address you want to allow or block in the Web Address field.

    3. Select Allow or Block from the Permission menu.

    4. Click the add_inline.pngAdd button at the right side of the table to add the address to the exceptions list.

    5. Click Save.

    To edit a web rule:

    1. Click the web address you want to edit.

    2. Modify the existing URL.

    3. Click Save.

    To remove a web rule, click the corresponding delete_inline.pngDelete button.

Application Blacklisting

In this section you can configure Application Blacklisting, which helps you completely block or restrict users' access to applications on their computers. Games, media and messaging software, as well as other categories of software and malware can be blocked in this way.

policy-eps-4_4-applications.png

To configure Application Blacklisting:

  1. Enable the Application Blacklisting option.

  2. Specify the applications you want to restrict access to. To restrict access to an application:

    1. Click the add_inline.pngAdd button at the upper side of the table. A configuration window is displayed.

    2. You must specify the path to the application executable file on the target computers. There are two ways to do this:

      • Choose from the menu a predefined location and complete the path as needed in the edit field. For example, for an application installed in the Program Files folder, select %ProgramFiles and complete the path by adding a backslash (\) and the name of the application folder.

      • Enter the full path in the edit field. It is advisable to use system variables (where appropriate) to make sure the path is valid on all target computers.

    3. Access Scheduler. Schedule the applications access during certain times of day on a weekly basis:

      • Select from the grid the time intervals during which you want to block access to the application. You can click individual cells, or you can click and drag to cover longer periods. Click again in the cell to reverse the selection.

      • To start a new selection, click Allow All or Block All, depending on the type of restriction you wish to implement.

      • Click Save. The new rule will be added to the list.

To remove a rule from the list, select it and click the delete_inline.pngDelete button at the upper side of the table. To edit an existing rule, click it to open its configuration window.

Data Protection

Data Protection prevents unauthorized disclosure of sensitive data based on administrator-defined rules.

Note

This feature is not available for macOS.

policy-eps-4_3-data_protection.png

You can create rules to protect any piece of personal or confidential information, such as:

  • Customer personal information

  • Names and key details of in-development products and technologies

  • Contact information of company executives

Protected information might include names, phone numbers, credit card and bank account information, email addresses and so on.

Based on the data protection rules you create, Bitdefender Endpoint Security Tools scans the web and outgoing email traffic for specific character strings (for example, a credit card number). If there is a match, the respective web page or email message is blocked in order to prevent protected data from being sent.

The functionality of Content Control exclusions is not applicable to internal traffic, therefore, the exclusion based on IP and hostname will not be effective.

The user is immediately informed about the action taken by Bitdefender Endpoint Security Tools through an alert web page or email.

To configure Data Protection:

  1. Use the checkbox to turn on Data Protection.

  2. Create data protection rules for all of the sensitive data you want to protect.

    To create a rule:

    1. Click the add_inline.pngAdd button at the upper side of the table.

      A configuration window is displayed.

    2. Enter the name under which the rule will be listed in the rules table.

      Choose a suggestive name so that you or other administrator can easily identify what the rule is about.

    3. Select the type of data you want to protect.

    4. Enter the data you want to protect (for example, the phone number of a company executive or the internal name of a new product the company is working on).

      Any combination of words, numbers or strings consisting of alphanumerical and special characters (such as @, # or $) is accepted.

      Make sure to enter at least five characters in order to avoid the mistaken blocking of email messages and web pages.

      Important

      Provided data is stored in encrypted form on protected endpoints, but it can be seen on your Control Center account.

      For extra safety, do not enter all of the data you want to protect.

      In this case, you must clear the Match whole words option.

    5. Configure the traffic scan options as needed.

      • Scan web (HTTP traffic) - scans the HTTP (web) traffic and blocks the outgoing data that matches the rule data.

      • Scan email (SMTP traffic) - scans the SMTP (mail) traffic and blocks the outgoing email messages that contain the rule data.

      You can choose to apply the rule only if the rule data matches whole words or if the rule data and the detected string case match.

    6. Click Save.

      The new rule will be added to the list.

  3. Configure exclusions to data protection rules so that users can still send protected data to authorized websites and recipients.

    Exclusions can be applied globally (to all rules) or to specific rules only.

    To add an exclusion:

    1. Click the add_inline.pngAdd button at the upper side of the table.

      A configuration window is displayed.

    2. Enter the web or email address that users are authorized to disclose protected data to.

    3. Select the type of exclusion (web or email address).

    4. From the Rules table, select the data protection rules(s) on which this exclusion should be applied.

    5. Click Save. The new exclusion rule will be added to the list.

Note

If an email containing blocked data is addressed to multiple recipients, those for which exclusions have been defined will receive it.

To remove a rule or an exclusion from the list, click the corresponding delete_inline.pngDelete button at the right side of the table.

In this section: