Cisco Cisco Web Security Appliance S160 User Guide
Chapter 19 Anti-Malware Services
Configuring Anti-Malware Scanning
19-14
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Step 8
Configure the anti-malware settings for the policy as necessary.
describes the anti-malware settings you can configure for Access Policies.
Table 19-4
Anti-Malware Settings for Access Policies
Setting
Description
Enable Suspect
User Agent
Scanning
User Agent
Scanning
Choose whether or not to enable the appliance to scan traffic
based on the user agent field specified in the HTTP request
header.
based on the user agent field specified in the HTTP request
header.
When you check this setting, you can choose to monitor or
block suspect user agents in the Additional Scanning
section at the bottom of the page.
block suspect user agents in the Additional Scanning
section at the bottom of the page.
Enable Webroot
Choose whether or not to enable the appliance to use the
Webroot scanning engine when scanning traffic. When you
enable Webroot scanning, you can choose to monitor or
block some additional categories in the Malware categories
on this page.
Webroot scanning engine when scanning traffic. When you
enable Webroot scanning, you can choose to monitor or
block some additional categories in the Malware categories
on this page.
Enable Sophos or
McAfee
McAfee
Choose whether or not to enable the appliance to use either
the Sophos or McAfee scanning engine when scanning
traffic. When you enable Sophos or McAfee scanning, you
can choose to monitor or block some additional categories
in the Malware categories on this page.
the Sophos or McAfee scanning engine when scanning
traffic. When you enable Sophos or McAfee scanning, you
can choose to monitor or block some additional categories
in the Malware categories on this page.
Malware
Categories
Categories
Choose whether to monitor or block the various malware
categories based on a malware scanning verdict.
categories based on a malware scanning verdict.
The categories listed in this section depend on which
scanning engines you enable above.
scanning engines you enable above.
Other Categories
Choose whether to monitor or block the types of objects and
responses listed in this section.
responses listed in this section.
Note: URL transactions are categorized as unscannable
when the configured maximum time setting is reached or
when the system experiences a transient error condition. For
example, transactions might be categorized as unscannable
during scanning engine updates or AsyncOS upgrades. The
malware scanning verdicts SV_TIMEOUT and
SV_ERROR, are considered unscannable transactions.
when the configured maximum time setting is reached or
when the system experiences a transient error condition. For
example, transactions might be categorized as unscannable
during scanning engine updates or AsyncOS upgrades. The
malware scanning verdicts SV_TIMEOUT and
SV_ERROR, are considered unscannable transactions.
Step 9
Submit and commit your changes.