Start by editing the target Settings Template under Device Settings.
Under Active Protection, go to Web Shield, and choose Customize:
Under the Site Blocking tab, check box the Enable site blocking option, and in the “Blocked URL address” windows, insert:
https://* and click add
http://* and click add
do this a 3rd time just adding the single character * and click add:
Now select the Exclusions tab, and check box the Use URLs to exclude option, and in the “URL address” windows, insert:
http://api*.webrep.avast.com/* (should already be there by default)
*.avast.com and Add (Avast update servers)
*.avcdn.net and Add (Avast update servers)
And lastly, add the URL addresses of the websites that you want to have access to: *facebook.com/* and Add
Now save the settings, and when the clients sync to this Settings Templates, they can only navigate to avast.com and facebook.com. All other URLs are blocked!