How Web Control works Web Control queries McAfee GTI for reputation information to determine how to handle navigation to URLs. The administrator configures Web Control settings in McAfee ePO and enforces the policy to the client system. If managed, the administrator configures Web Control settings in McAfee ePO and enforces the policy to the client system. The user visits or accesses a resource from a website. Web Control requests the URL reputation from McAfee GTI. If the URL reputation is green, Web Control allows navigation to the URL and displays the page. Otherwise, Web Control navigates to either the block or warn page, based on settings. If the URL reputation is unrated but matches a category in McAfee GTI, Web Control allows or blocks navigation to the URL, based on Content Actions settings. If the request is a file download and the file reputation is not malicious, Web Control allows the download, even if the URL reputation is malicious. If the file reputation is unknown, Web Control sends the file to Threat Prevention for scanning by the on-demand scanner. Threat Prevention checks the file against the AMCore content file. If it matches a signature or hash in content, the file download is blocked. Otherwise, the file is downloaded. Web Control logs the details. Web Control logs the details, then generates and sends an event to McAfee ePO. How it works Web Control and McAfee Client Proxy When Web Control is disabled because Client Proxy is present and redirecting: Web Control ignores rating and enforcement actions. Web Control browser controls are disabled. Endpoint Security Client Status page shows Web Control status as Disabled. Endpoint Security Client Settings page indicates that Web Control is disabled because Client Proxy is detected.