Protecting Business Users from Web Browsing Threats with GFI WebMonitor

AUTHOR: Paul Cunningham

•    Windows Server 2003 server running ISA Server 2006
•    Browser: Internet Explorer 6 or higher
•    .NET Framework 2
•    GFI WebMonitor


Businesses face some serious challenges when securing their computer network from the many threats on the internet today.  Viruses, spam and phishing are the most common threats that most businesses will guard against.  This is usually achieved by installing antivirus software on end user machines and using an email security solution to scan all incoming email for malicious content.

Despite the attention paid toward protecting computers from viruses and spam there is often little attention given to the threat presented by common, everyday web browsing.  When internet access is made available to staff with no restrictions in place it opens up the business to several risks such as:

•    Viruses and other malware downloaded from websites
•    Inappropriate content such as pornography accessed by staff
•    “Cyberslacking”, or wasting time on non-work related websites and instant messaging

GFI WebMonitor for ISA Server solves these problems for business by providing comprehensive security features that can scan file downloads for malware, limit or block access to undesirable websites, and prevent instant messaging communication.  By installing GFI WebMonitor on your Microsoft ISA Server firewall or web proxy you can prevent viruses from getting inside of your network and improve staff productivity.


In this demonstration I will walk through the installation of GFI WebMonitor on an existing Microsoft ISA Server 2006 server.  The ISA server is configured as an edge firewall and web proxy, and permits all users to browse the internet and use instant messaging.
To install GFI WebMonitor, download the free trial to the ISA server.  Launch setup and step through the installation wizard.  At the Mail Settings step configure a valid SMTP server and To/From email addresses.

GFI WebMonitor includes Virus Scanning Policies to scan downloaded files for malicious content using multiple anti-virus engines.  This feature is enabled by default and will scan all file types that might contain malware.

When a user initiates a file download GFI WebMonitor intercepts the request, downloading the file on behalf of the user and scanning it for viruses.

After a successful scan the user is permitted to save the file to their computer.

Using the Virus Scanning Policies in GFI WebMonitor allows users to access business related content in file formats such as Microsoft Word, ZIP, and PDF while reducing the risk of downloading a virus or malware program.


GFI WebMonitor includes Web Filtering Policies that can be used to control end user access to web sites based on a categorization database.  This feature is enabled by default but not configured to block any categories.
To prevent access to inappropriate sites such as those containing adult content navigate to Web Filtering Policies in the GFI WebMonitor console, and click the icon to edit the Default Web Filtering Policy.  This default policy applies to all users on the network.

Select the Web Filtering tab to see a list of categories.  Highlight the “Adult and Pornography” category and click Block to move it to the Blocked Categories list.  Click Save Settings when you are done.

When a user attempts to browse to an adult site they are blocked by GFI WebMonitor and a notification is displayed in their browser window.


Web Filtering Policies can be enabled on a scheduled basis, allowing categories of sites to be blocked during certain hours of the day but allowed for other hours.  This is useful for combating “cyberslacking”, or staff spending time on non-work related websites such as Facebook during business hours.
First we must determine which categories to block.  Navigate to WebGrade Database and enter a URL in the Check URL Category field.  We can now see that Facebook is categorized as “Personal Sites and Blogs”.

Navigate to Web Filtering Policies and select Add Policy.

Use the Policy Schedule settings to configure the hours and days that the policy will be active.  In this example the policy is only active from 8am-noon, and 1pm-6pm Monday to Friday.  This would permit staff to access the websites before 8am, at lunchtime, and after 6pm.

On the Web Filtering tab highlight the “Personal Sites and Blogs” category and click the Block button.

On the Applies To tab set the drop down to “Group” and add a domain group that encompasses all of the staff you wish the policy to apply to.

Click Save Settings when you are done.  When a user attempts to access Facebook during business hours they will be blocked and a notification message will appear in their browser.
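
Before rolling out a scheduled policy it helps to write down exactly what should happen at the schedule boundaries.  The following is an added example, not GFI WebMonitor code or its configuration format: a small Python model of the two policies configured above.  The policy name "Business hours", the group "All Staff", the half-open time windows and the "any matching policy blocks" rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass
class FilterPolicy:
    """Illustrative model of one web filtering policy (not GFI's schema)."""
    name: str
    blocked: frozenset                      # blocked category names
    groups: frozenset = frozenset({"*"})    # "*" = all users (assumed notation)
    days: frozenset = frozenset(range(7))   # 0 = Monday ... 6 = Sunday
    windows: tuple = ()                     # empty = active all day

    def active_at(self, when: datetime) -> bool:
        if when.weekday() not in self.days:
            return False
        if not self.windows:
            return True
        # Assumption: windows are half-open, so 12:00 sharp is already lunchtime.
        return any(start <= when.time() < end for start, end in self.windows)

    def applies_to(self, user_groups) -> bool:
        return "*" in self.groups or bool(self.groups & frozenset(user_groups))

# The default policy from the tutorial: everyone, always.
DEFAULT = FilterPolicy("Default Web Filtering Policy",
                       frozenset({"Adult and Pornography"}))

# The scheduled policy: 8am-noon and 1pm-6pm, Monday to Friday.
BUSINESS_HOURS = FilterPolicy(
    "Business hours",                       # hypothetical policy name
    frozenset({"Personal Sites and Blogs"}),
    groups=frozenset({"All Staff"}),        # hypothetical domain group
    days=frozenset(range(5)),
    windows=((time(8), time(12)), (time(13), time(18))),
)

def decide(category, user_groups, when, policies=(DEFAULT, BUSINESS_HOURS)):
    """Return the name of the first policy that blocks the request, else None."""
    for p in policies:
        if (p.applies_to(user_groups) and p.active_at(when)
                and category in p.blocked):
            return p.name
    return None

if __name__ == "__main__":
    # Constructed test times: 4 March 2024 is a Monday, 9 March a Saturday.
    for hh, mm in [(7, 59), (8, 0), (12, 0), (12, 30), (13, 0), (18, 0)]:
        when = datetime(2024, 3, 4, hh, mm)
        print(when, decide("Personal Sites and Blogs", ["All Staff"], when))
```

Running the same boundary times against the live proxy from a test account confirms whether the product treats noon and 6pm the way the model assumes.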


Cyberslacking can also occur via instant messaging applications such as MSN Messenger.  However these tools are also often very useful for business communications, for example sales staff who may need to use instant messaging to communicate with their customers.  GFI WebMonitor has the capability to control who can access MSN Messenger and when they can access it.
Navigate to IM Control Policies and click the icon to edit the Default IM Control Policy.

On the IM Control tab change the setting to “Block ALL MSN/Windows Live Messenger Traffic”.  Click Save Settings when done.

Now all users will be unable to access MSN Messenger.  Next we allow access for sales staff so that they can continue to use MSN Messenger.  Navigate to IM Control Policies and click Add Policy.  Give the new policy a meaningful name, then click on the Applies To tab and add a group to the list.  Click Save Settings when done.

Members of the Sales Staff group will now be able to access MSN Messenger while other staff will be blocked.


GFI WebMonitor provides businesses with a comprehensive set of configuration options to control internet access and enforce internet usage policies for their end users, as I have demonstrated in this tutorial.  A free 30 day trial of GFI WebMonitor can be downloaded from