Cisco Cisco Web Security Appliance S670 User Guide
19-12
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 19 Configuring Security Services
Configuring Web Reputation and Anti-Malware in Policies
Step 7
Submit and commit your changes.
Configuring Web Reputation and Anti-Malware Settings with Adaptive Scanning Disabled
Step 1
Navigate to the Web Security Manager > Access Policies page.
Step 2
Click the Web Reputation and Anti-Malware Filtering link for the Access Policy you want to configure.
Step 3
Under the “Web Reputation and Anti-Malware Settings” section, choose Define Web Reputation and
Anti-Malware Custom Settings if it is not chosen already.
Anti-Malware Custom Settings if it is not chosen already.
This allows you to configure web reputation and anti-malware settings for this Access Policy that differ
from the global policy.
from the global policy.
Step 4
Configure the settings in the Web Reputation Settings section. For more information, see
Step 5
Scroll down to the Cisco IronPort DVS Anti-Malware Settings section.
Step 6
Configure the anti-malware settings for the policy as necessary.
describes the anti-malware
settings you can configure for Access Policies when Adaptive Scanning is disabled.
Malware Categories
Choose whether to monitor or block the various malware categories based on
a malware scanning verdict. For more information on each category, see
a malware scanning verdict. For more information on each category, see
Other Categories
Choose whether to monitor or block the types of objects and responses listed
in this section.
in this section.
Note: The category Outbreak Heuristics applies to transactions which are
identified as malware by Adaptive Scanning prior to running any scanning
engines.
identified as malware by Adaptive Scanning prior to running any scanning
engines.
Note: URL transactions are categorized as unscannable when the configured
maximum time setting is reached or when the system experiences a transient
error condition. For example, transactions might be categorized as
unscannable during scanning engine updates or AsyncOS upgrades. The
malware scanning verdicts SV_TIMEOUT and SV_ERROR, are considered
unscannable transactions.
maximum time setting is reached or when the system experiences a transient
error condition. For example, transactions might be categorized as
unscannable during scanning engine updates or AsyncOS upgrades. The
malware scanning verdicts SV_TIMEOUT and SV_ERROR, are considered
unscannable transactions.
Table 19-6
Anti-Malware Settings for Access Policies—Adaptive Scanning Enabled (continued)
Setting
Description
Table 19-7
Anti-Malware Settings for Access Policies—Adaptive Scanning Disabled
Setting
Description
Enable Suspect User
Agent Scanning
Agent Scanning
Choose whether or not to enable the appliance to scan traffic based on the user
agent field specified in the HTTP request header.
agent field specified in the HTTP request header.
When you select this checkbox, you can choose to monitor or block suspect user
agents in the Additional Scanning section at the bottom of the page.
agents in the Additional Scanning section at the bottom of the page.
Enable Webroot
Choose whether or not to enable the appliance to use the Webroot scanning
engine when scanning traffic. When you enable Webroot scanning, you can
choose to monitor or block some additional categories in the Malware
categories on this page.
engine when scanning traffic. When you enable Webroot scanning, you can
choose to monitor or block some additional categories in the Malware
categories on this page.