If Option A has been selected: Where you have anti-malware software installed, is it set to scan web pages you visit and warn you about accessing malicious websites?
What this question is really asking
If using option A, confirm that your anti-malware software is configured to scan web pages accessed by users. This provides protection against drive-by downloads and malicious web content beyond scanning only downloaded files. Check that web protection or URL filtering is enabled in your endpoint protection product, not just installed.
What satisfies this requirement
Yes or NoAnti-malware or browser configured to block known malicious websites. Windows 11 MS Defender SmartScreen acceptable.
What to prepare before your assessor visit
Web protection is called different things in different products — 'web protection', 'URL filtering', 'safe browsing', 'web access control'. It is not always enabled by default even in enterprise-grade endpoint products. Open your endpoint protection management console and specifically verify that web protection is enabled and active for all enrolled devices, rather than assuming it is on because the product is installed.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.