Cisco Cisco Web Security Appliance S670 User Guide
23-19
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 23 Web Security Appliance Reports
Client Malware Risk Page
Figure 23-8
Malware Threats Report Page
Client Malware Risk Page
The Reporting > Client Malware Risk page is a security-related reporting page that can be used to
monitor client malware risk activity.
monitor client malware risk activity.
From the Client Malware Risk page, a system administrator can see which of their users are encountering
the most blocks or warnings. Given the information gathered from this page, the administrator can click
on the user link to view what this user doing on the web that makes them run into so many blocks or
warnings and setting off more detections than the rest of the users on the network.
the most blocks or warnings. Given the information gathered from this page, the administrator can click
on the user link to view what this user doing on the web that makes them run into so many blocks or
warnings and setting off more detections than the rest of the users on the network.
Additionally, the Client Malware Risk page lists client IP addresses involved in frequent malware
connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to
malware sites may be infected with malware that is trying to connect to a central command and control
server and should be disinfected.
connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to
malware sites may be infected with malware that is trying to connect to a central command and control
server and should be disinfected.
shows the Client Malware Risk page.