Configuring Datto DNS Secure

This article describes the Datto DNS Secure feature and how to configure it.

Datto DNS Secure

Datto DNS Secure is a feature that allows you to block user access to websites based on categories you enable. When a user attempts to access a particular website, Datto AV will determine the category to which the website belongs. If you have enabled the category in the Datto DNS Secure feature, the user will be blocked from accessing the website. If the category is not enabled, the user will be able to access the website.

You may find that some websites are not categorized by Datto AV as you would expect. For these cases, the feature lets you add URLs to a blocklist or an allowlist to address specific websites.

Enabling Datto DNS Secure

Datto DNS Secure settings are enabled in your Datto AV policy. To enable Datto DNS Secure, on the Policies page, edit an existing Datto Antivirus policy or create a new one. In the Policy Rules section, click the DNS Secure tab and select the Enable Datto DNS Secure check box.

Configuring threat categories

You can select website categories to block within two threat categories: Security Categories to Block and Content Categories to Block. Select the check box of each category for which you would like to block access.

Security Categories to Block

This section includes categories for websites that pose a security risk or gather information to use in an attack.

| Category | Description |
|---|---|
| Spam | Websites that capture your email address so they can send you unwanted spam. |
| Malware | Websites that actively distribute malware. |
| Potentially Unwanted Applications | Websites identified or associated with distribution of unwanted applications. |
| Phishing | Websites designed to gather user information for the sole purpose of targeted phishing. |
| Potential Unwanted Search Engine | Search engines which have been flagged because you may have been redirected by malware or a potentially unwanted application. |

Content Categories to Block

This section includes categories for websites that may introduce unwanted security risks or may jeopardize your business reputation.

| Category | Description |
|---|---|
| Illegal content | Websites that host known illegal content. |
| Streaming media | Non-threatening sites that provide streaming services. Typically used when bandwidth is limited. |
| Gambling | Websites used for gambling or betting. |
| Hacking/cracking | Websites that support hacker training or provide tools used for hacking. |
| Profane content | Websites that host profane content. |
| Warez | Websites that provide pirated or stolen software. |
| Illegal drugs & paraphernalia | Websites that provide access to potential illegal drugs. |
| Weapons | Websites that provide access to weapons or host content for using weapons. |
| VPNs, proxies, & filter avoidance | Websites that host VPNs used to circumvent firewall or other security access controls. |
| Pornography | Adult material. |
| Spyware, malware | Websites that collect personal information to be used in a malicious manner. |
| Deceptive, phishing | Websites that are misleading or mock known sites to distribute malware or collect personal information. |
| Social networking | Facebook, TikTok, etc. |
| Hate content | Websites that spread hateful content. |

Configuring blocklists and allowlists

For websites that may not be categorized by Datto AV as you would like, you can add specific URLs to the Domain List and indicate whether the domain is to be trusted or blocked.

Domains are typically formatted as domain.com or sub.domain.com. When adding a new domain, you can enter the exact domain or use wildcards for sub-domains. It is not necessary to include www. in the URL. For example, the system treats google.com the same as www.google.com.

IMPORTANT  Enter domains only. Do not enter protocols such as HTTP or FTP.

Below are URL format examples, each with a description of the outcome when the entry is used to block access.

| URL example | Outcome |
|---|---|
| Google.com | Access to google.com and www.google.com will be blocked but access to sub-domains, such as accounts.google.com, will be allowed. |
| www.google.com | This will block access to google.com and www.google.com but access to its sub-domains will be allowed. |
| *.google.com | This will block access to google.com and www.google.com and its sub-domains. |
| Accounts.google.com | Access to accounts.google.com will be blocked while access to google.com and other sub-domains, such as help.google.com, will be allowed. |
| Help.*.com | Not an acceptable URL format. |
| https://google.com | Not an acceptable URL format. |
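To check a planned list of entries before typing it into the policy, the matching behavior in the table above can be modeled in a few lines. This is an added example, not Datto's code: the function names are hypothetical, the rule that a wildcard is accepted only as a leading `*.` is inferred from the table, and ignoring a leading `www.` on sub-domain hosts is an assumption generalized from the google.com case.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_entry(entry):
    """Return (base_domain, covers_subdomains) or raise ValueError."""
    e = entry.strip().lower()
    if "://" in e or "/" in e or ":" in e:
        raise ValueError(f"{entry!r}: enter a domain only, no protocol or path")
    wildcard = e.startswith("*.")
    if wildcard:
        e = e[2:]
    if "*" in e:
        # Inferred from the table: Help.*.com is rejected, *.google.com is not.
        raise ValueError(f"{entry!r}: wildcard is only accepted as a leading '*.'")
    if e.startswith("www."):
        e = e[4:]  # per the page, www. is not needed
    labels = e.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"{entry!r}: not a valid domain")
    return e, wildcard


def entry_matches(entry, host):
    """True if a Domain List entry would apply to the requested host name."""
    base, wildcard = parse_entry(entry)
    h = host.strip().lower().rstrip(".")
    if h.startswith("www."):
        h = h[4:]  # assumption: www. is ignored on the host side as well
    if h == base:
        return True
    # The dot boundary keeps *.google.com from matching notgoogle.com.
    return wildcard and h.endswith("." + base)


def coverage(entry, hosts):
    """Map each host to whether the entry applies to it."""
    return {h: entry_matches(entry, h) for h in hosts}


if __name__ == "__main__":
    # Constructed sample hosts, taken from the names used in the table.
    hosts = ["google.com", "www.google.com", "accounts.google.com", "help.google.com"]
    for entry in ["Google.com", "*.google.com", "Accounts.google.com",
                  "Help.*.com", "https://google.com"]:
        try:
            print(entry, coverage(entry, hosts))
        except ValueError as err:
            print("rejected:", err)
```

Running it shows where an exact entry leaves sub-domains uncovered, which is the usual reason a blocked site stays reachable through a host such as accounts.google.com.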

To add a domain to the Domain List:

  1. Expand the Domain List section.
  2. Click the Add Domain button.
  3. The Add Domain modal is displayed. Select Trusted Domain (selected by default) or Block Domain.
  4. In the Domain field, enter the domain's URL.
  5. To add another domain, click +Add Domain. In the new Domain field displayed, enter the domain's URL. Note that each domain added in this manner must be of the same type, Trusted Domain or Block Domain.
  6. When you have finished adding URLs, click the Add button.


    The domains are listed in the Domain List table.

IMPORTANT  If a user has active browser processes running when Datto DNS Secure is enabled, some sites may still be accessible by the user. The settings will be applied when the browser service is restarted.

Configuring trusted executables

In the Trusted Executables section, you can add specified executable files that are allowed to connect to online services while running.

Rules for implementing:

  • Can only be used for local disk paths.
  • Cannot include wildcards.
  • Cannot use Windows environment variables.

Examples:

C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe

To add an executable file to the Trusted Executables list:

  1. Expand the Trusted Executables section.
  2. In the field, enter the local path.
  3. Click the Add button.

FAQs