Hello all, This may be a little hard to understand, not the subject but me trying to detail what I am asking, please be patient. Please also ignore any bad formatting as I copied this out of a Note Pad file I wrote and I manually broke the lines to keep it narrow. By default under Web access protection HTTP, HTTPs Address management You choose to: Allow access only to HTTP addresses in the list of allowed addresses. What happens is all HTTP addresses are blocked except for the ones in the list. I however noticed that all HTTPS sites are allowed even though they are not in the list. I wanted to block all sites except for what I want the users to have access to. Example we are going to have cloud software where I work within a year maybe, and I have the front desk computers blocked from getting internet, they will need to have access to the cloud based software when we get it. I do not want any other sites HTTP or HTTPS to be available. This is a small business with just 4 computers in the employee office and has no need for a server or a full fledged proxy. I called ESET support but was very tired and falling asleep by the time they answered. They told me how to include SSL sites in the block list. I will show you here what they told me. I just want to make sure I have it right. Then what I am curious to know is, does anyone use these settings? If so how do they work out? Do they cause any other issues? See the information below on how to set this up. Thanks. Vince To include HTTPS Sites in the Allow access only to HTTP addresses in the list of allowed addresses do the following: In the Antivirus and Spyware menu find Protocol filtering. Go to the SSL section. Choose Always scan SSL protocol. Leave other option default. Now go to Web access protection and choose HTTP,HTTPS. In that section, choose the HTTPS Scanner filtering mode setup option, Choose Use HTTPS protocol checking for applications marked as Internet browsers that use selected ports. Leave the default ports. Now all HTTPS Pages not in the allowed list will not be accessible.