Skip to content

Security Module

The Security module provides browser vulnerability scanning and phishing protection. It requires an active subscription.

Features

Vulnerability Exposure

Automatic scanning of browser installations against known CVE databases. The system identifies outdated or vulnerable browser versions across your user base.

  • Scans run automatically via a background worker
  • Vulnerabilities are matched by browser name and version against the CVE database
  • Severity levels and CVSS scores are tracked per vulnerability
  • Resolved vulnerabilities are automatically removed when browsers are updated
  • Results are available on the Vulnerability Dashboard

See Security Overview for dashboard details.

Phishing Detection

Anti-phishing protection that detects spoofed and malicious websites in real time.

  • Identifies known phishing domains and suspicious URL patterns
  • Generates alerts when users visit potentially dangerous sites
  • Policy-level control over phishing detection behavior

Anti-Phishing

Per-policy toggle that enables real-time phishing site identification and blocking.

  • Enable or disable per policy from the policy editor
  • When active, the browser plugin checks visited URLs against phishing indicators
  • Configurable response: alert-only or block access

Download Guard / Attachment Guard

File extension filtering for browser downloads. Download filters are linked to policies and enforced when users download files from monitored hostnames.

Note: Download Guard is available in the Browser Extension only. The Outlook Add-in uses DLP patterns with extension and mime scan targets for attachment type restrictions. See DLP Module for details.

Filter Modes:

Mode Description
Blocklist Listed extensions are blocked; all others are allowed
Whitelist Only listed extensions are allowed; all others are blocked

Enforcement Modes:

Mode Name Behavior
0 Report Log silently - no user action
1 Alert Warn the user - download/send allowed
2 Warn & Overridable Warn the user - download/send blocked until user overrides
3 Block Block the download/send - no override possible

Templates:

Four predefined filter templates are available when creating a new download filter:

  • Executables - blocks .exe, .bat, .cmd, .msi, .ps1, etc. (block mode)
  • Archives - warns on .zip, .rar, .7z, .tar, etc. (warn mode)
  • Documents Only - whitelist of .pdf, .docx, .xlsx, .pptx, etc.
  • High Risk - blocks high-risk extensions like .scr, .vbs, .js, .wsf, etc.

How it works:

  • Browser extension: Monitors file downloads. When a download starts, the extension checks the file extension against active filters for the current hostname

Audit trail:

Every file download and upload is automatically tracked (filename, extension, file size) regardless of whether download filters are active. The Download Guard dashboard provides a complete audit trail of file transfers across your organization.

Alerts

Security events generate alerts visible in the Alerts section. Alert types include:

  • security_vulnerability_detected - new vulnerability found in a browser installation
  • security_phishing_indicated - potential phishing/spoofing site detected
  • security_phishing_blocked - user was blocked from accessing a phishing site
  • security_phishing_warning_dismissed - user dismissed phishing warning and proceeded
  • security_download_warned - a download warning was displayed to the user
  • security_download_blocked - a file download was blocked by a download filter
  • security_download_warning_dismissed - user dismissed a download warning and proceeded

See Alerts for alert management.