Cisco Web Security Appliance S670 User Guide

AsyncOS 8.1 for Cisco Web Security User Guide
 
Chapter 12: Configuring Security Services
Configuring Anti-Malware and Reputation in Policies
Note
When you enable Webroot, Sophos or McAfee scanning, you can choose to monitor or block some additional categories in the Malware categories on this page.
Step 8
Submit and Commit Changes.
Related Topics
Configuring Web Reputation Scores
When you install and set up the Web Security appliance, it has default settings for Web Reputation Scores. However, you can modify threshold settings for web reputation scoring to fit your organization’s needs. You configure the web reputation filter settings for each policy group.
Configuring Web Reputation Score Thresholds for Access Policies
Step 1
Choose Web Security Manager > Access Policies.
Step 2
Click the link under the Anti-Malware and Reputation column for the Access Policy group you want to edit.
Setting
  Description

Enable Suspect User Agent Scanning
  Choose whether or not to enable the appliance to scan traffic based on the user agent field specified in the HTTP request header.
  When you select this checkbox, you can choose to monitor or block suspect user agents in the Additional Scanning section at the bottom of the page.

Enable Webroot
  Choose whether or not to enable the appliance to use the Webroot scanning engine when scanning traffic.

Enable Sophos or McAfee
  Choose whether or not to enable the appliance to use either the Sophos or McAfee scanning engine when scanning traffic.

Malware Categories
  Choose whether to monitor or block the various malware categories based on a malware scanning verdict. The categories listed in this section depend on which scanning engines you enable above.

Other Categories
  Choose whether to monitor or block the types of objects and responses listed in this section.
  Note: URL transactions are categorized as unscannable when the configured maximum time setting is reached or when the system experiences a transient error condition. For example, transactions might be categorized as unscannable during scanning engine updates or AsyncOS upgrades. The malware scanning verdicts SV_TIMEOUT and SV_ERROR are considered unscannable transactions.