Cisco Cisco Web Security Appliance S390 Betriebsanweisung
C O N F I G U R I N G A N T I - M A L W A R E S C A N N I N G
C H A P T E R 1 5 : A N T I - M A L W A R E S E R V I C E S
329
3. Submit and commit your changes.
4. Navigate to the Web Security Manager > Access Policies page.
5. Click the Web Reputation and Anti-Malware Filtering link for the Access Policy you want
to configure.
On this page, you can enable monitoring or blocking for malware categories based on
malware scanning verdicts.
malware scanning verdicts.
6. Under the “Web Reputation and Anti-Malware Settings” section, choose Define Web
Reputation and Anti-Malware Custom Settings if it is not chosen already.
This allows you to configure web reputation and anti-malware settings for this Access
Policy that differ from the global policy.
Policy that differ from the global policy.
7. Scroll down to the Ironport DVS Anti-Malware Settings section.
Threat Risk Threshold
The TRT (Threat Risk Threshold) assigns a numerical value to the
probability that malware exists.
Proprietary algorithms evaluate the result of a URL matching
sequence and assign a TRR (Threat Risk Rating). This value is
associated with the threat risk threshold setting. If the TRR value is
greater than or equal to the TRT, the URL is considered malware
and is passed on for further processing.
Note: Setting the Threat Risk Threshold to a value lower than 90
dramatically increases the rate of URL blocking and denies
legitimate requests. IronPort strongly recommends maintaining
the TRT default value of 90. The minimum value for a TRT setting
is 51.
Applies to the Webroot scanning engine only.
probability that malware exists.
Proprietary algorithms evaluate the result of a URL matching
sequence and assign a TRR (Threat Risk Rating). This value is
associated with the threat risk threshold setting. If the TRR value is
greater than or equal to the TRT, the URL is considered malware
and is passed on for further processing.
Note: Setting the Threat Risk Threshold to a value lower than 90
dramatically increases the rate of URL blocking and denies
legitimate requests. IronPort strongly recommends maintaining
the TRT default value of 90. The minimum value for a TRT setting
is 51.
Applies to the Webroot scanning engine only.
Heuristic Scanning
Choose whether or not to enable heuristic scanning for the
McAfee scanning engine.
For more information about heuristic scanning, see “McAfee
Scanning” on page 326.
Note: Heuristic analysis increases security protection, but can
result in false positives and decreased performance.
Applies to the McAfee scanning engine only.
McAfee scanning engine.
For more information about heuristic scanning, see “McAfee
Scanning” on page 326.
Note: Heuristic analysis increases security protection, but can
result in false positives and decreased performance.
Applies to the McAfee scanning engine only.
Table 15-3 Anti-Malware Settings (Continued)
Setting
Description