Cisco Cisco Web Security Appliance S360 User Guide

14-6

AsyncOS 8.7 for Cisco Web Security Appliances User Guide

Chapter 14 File Reputation Filtering and File Analysis

Configuring File Reputation and Analysis Features

Step 7

Adjust the following Advanced Settings as needed:

Note

Do not change any other settings in this section without guidance from Cisco support.

Step 8

Submit and commit your changes.

Configuring File Reputation and Analysis Service Action Per Access Policy

Procedure

Step 1

Select Web Security Manager > Access Policies.

Step 2

Click the link in the Anti-Malware and Reputation column for a policy in the table.

Step 3

In the Advanced Malware Protection Settings section, select Enable File Reputation Filtering and
File Analysis.

If File Analysis is not enabled globally, only File Reputation Filtering is offered.

Step 4

Select an action for Known Malicious and High-Risk Files: Monitor or Block.

The default is Monitor.

Step 5

Submit and commit your changes.

Ensuring That You Receive Alerts About Advanced Malware Protection Issues

Ensure that the appliance is configured to send you alerts related to Advanced Malware Protection.

Option

Description

Routing Table

The routing table (associated with an appliance network
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.

SSL Communication for File Reputation

Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137.

This option also allows you to configure an upstream proxy
for communication with the file reputation service.

Note

SSL communication over port 32137 may require
you to open that port in your firewall.

Reputation Threshold

•

Use value from Cloud Service

•

Enter custom value

The upper limit for acceptable file reputation scores.
Scores above this threshold indicate the file is infected.