Cisco Cisco Web Security Appliance S670 User Guide

Submit and Commit Changes.

When Anti-Malware and Reputation Filters are enabled on the appliance, you can configure different 
settings in policy groups. You can enable monitoring or blocking for malware categories based on 
malware scanning verdicts. 

You can configure anti-malware settings in the following policy groups:

You can configure web reputation settings in the following policy groups:

McAfee

Choose whether or not to enable the McAfee scanning engine.

When you enable the McAfee scanning engine, you can choose whether or not 
to enable heuristic scanning. 

Heuristic analysis increases security protection, but can result in false 
positives and decreased performance.

Webroot

Choose whether or not to enable the Webroot scanning engine.

When you enable the Webroot scanning engine, you can configure the Threat 
Risk Threshold (TRT). The TRT assigns a numerical value to the probability 
that malware exists.

Proprietary algorithms evaluate the result of a URL matching sequence and 
assign a Threat Risk Rating (TRR). This value is associated with the threat risk 
threshold setting. If the TRR value is greater than or equal to the TRT, the URL 
is considered malware and is passed on for further processing.

Setting the Threat Risk Threshold to a value lower than 90 
dramatically increases the rate of URL blocking and denies legitimate 
requests. Cisco strongly recommends maintaining the TRT default 
value of 90. The minimum value for a TRT setting is 51.

Access Policies

Outbound Malware Scanning Policies

Controlling Upload Requests Using Outbound Malware 
Scanning Policies