Cisco Web Security Appliance S690 User Guide

AsyncOS 8.1 for Cisco Web Security User Guide
 
Chapter 19      Detecting Rogue Traffic on Non-Standard Ports
Note: When you choose to block suspected malware traffic, you can also choose whether or not to always block ambiguous addresses. By default, ambiguous addresses are monitored.
Note: If the L4 Traffic Monitor is configured to block, the L4 Traffic Monitor and the Web Proxy must be configured on the same network. Use the Network > Routes page to confirm that all clients are accessible on routes that are configured for data traffic.
d. Define the Additional Suspected Malware Addresses properties.
Note: Adding internal IP addresses to the Additional Suspected Malware Addresses list causes legitimate destination URLs to show up as malware in L4 Traffic Monitor reports. To avoid this, do not enter internal IP addresses in the “Additional Suspected Malware Addresses” field on the Web Security Manager > L4 Traffic Monitor Policies page.
Step 4. Submit and Commit Changes.
Related Topics
Valid Formats
When you add addresses to the Allow List or Additional Suspected Malware Addresses properties, 
separate multiple entries with whitespace or commas. You can enter addresses in any of the following 
formats:
IPv4 IP address. Example: IPv4 format: 10.1.1.0. IPv6 format: 2002:4559:1FE2::4559:1FE2
CIDR address. Example: 10.1.1.0/24.
Domain name. Example: example.com. 
Hostname. Example: crm.example.com.
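The following pre-check is an added example, not part of the Cisco guide or of AsyncOS: it splits a candidate list on whitespace or commas, classifies each entry against the formats above, and sets aside internal addresses before the list is pasted into the Additional Suspected Malware Addresses field. The set of ranges treated as internal, the name syntax rule, and the names check_list, classify, INTERNAL and SAMPLE are assumptions of this example.

```python
import ipaddress
import re

# Assumption: "internal" means RFC 1918, loopback, link-local and IPv6 ULA space.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Assumption: a domain name or hostname is two or more dot-separated labels of
# letters, digits and hyphens (1-63 characters, no leading or trailing hyphen).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify(entry):
    """Return (kind, internal); kind is 'ip', 'cidr', 'name' or None if invalid."""
    try:
        # strict=False also accepts a plain address (treated as a /32 or /128).
        net = ipaddress.ip_network(entry, strict=False)
        internal = any(net.version == r.version and net.overlaps(r) for r in INTERNAL)
        return ("cidr" if "/" in entry else "ip"), internal
    except ValueError:
        pass
    labels = entry.rstrip(".").split(".")
    if (len(entry) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):  # rejects mistyped IPs such as 300.1.1.1
        return "name", False
    return None, False

def check_list(text):
    """Split on whitespace or commas and sort entries into ok / internal / invalid."""
    report = {"ok": [], "internal": [], "invalid": []}
    for entry in filter(None, re.split(r"[\s,]+", text.strip())):
        kind, internal = classify(entry)
        if kind is None:
            report["invalid"].append(entry)
        elif internal:
            report["internal"].append(entry)  # would surface as malware in reports
        else:
            report["ok"].append((entry, kind))
    return report

# Constructed sample input mixing every format, two internal entries and two typos.
SAMPLE = """203.0.113.7, 198.51.100.0/24 example.com
crm.example.com 10.1.1.0/24, 2002:4559:1FE2::4559:1FE2 192.168.10.5 bad_host! 300.1.1.1"""

if __name__ == "__main__":
    for bucket, items in check_list(SAMPLE).items():
        print(bucket, items)
```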
Viewing L4 Traffic Monitor Activity
The S-Series appliance supports several options for generating feature-specific reports and interactive displays of summary statistics.