Web filter allow everything only block malware

Question

Hello, 
 
 I have the UTM set up at home and would like to turn the webfilter from block everything and allow exceptions to allow everything and block certain things. Basically all I need it for is to block malware on the network but I noticed that filtering blocks a ton of things that I need add exceptions for. I have the https scanning set up with certificates to all of the computers. Is there anyway to do this?

DouglasFoster · Answer

Quick Fix: You need to change your "Base Policy" from "Default Filter Block Action" to "Default Filter Action". 
 This is found at "Web Protection... Web Filtering... Policies... 
 then click on "Base Policy" at the bottom of the window and change the property. 
 BETTER: 
 Clone this policy, study it, and tailor it to your situation. "Malware" is not a well-defined thing. 90% of your protection comes from not going to sites that might be hostile, 10% comes from detecting hostile content in the replies from the web servers that you do contact. Do you need content from Russia? If not, then block it. Do you need Weapons? If not, then block it. 
 URLs are assigned to categories (their purpose) and reputation. I recommend configuring your policy to block reputation Suspicious and worse. I also block categories associated with unethical activity, from school cheating to software piracy to pornography. I also use country blocking, and create a web exception to exclude URL filtering when I need a specific site. 
 You also need to know that your risk has almost nothing to do with which sites you request. Most of your sites will include content from domains whose name you do not recognize. Any site can be infected and attempt to redirect you to hostile sites invisibly. 
 Finally, turn on IPS. It inspects web replies in ways that the standard web proxy does not. So you need both.

DouglasFoster · Answer

Https scanning is a whole different set of issues. 
 Clients need to have the UTM root certificate installed. Sites with certificate configuration errors will be blocked. Suggest disabling this feature for now.