Cisco Web Security Appliance S360 User Guide

Cisco AsyncOS 8.0.6 for Web User Guide
 
Chapter 12: Configuring Security Services
Enabling Filters
Before You Begin
Check that the Web Reputation Filters, the DVS engine, and the Webroot, McAfee, and Sophos scanning 
engines are enabled. By default, these should be enabled during system setup. 
Step 1: Choose Security Services > .
Step 2: Click Edit Global Settings.
Step 3: Configure settings as necessary.
Step 4: Submit and Commit Changes.

Setting: Web Reputation Filtering
Description: Choose whether or not to enable Web Reputation Filtering.

Setting: Adaptive Scanning
Description: Choose whether or not to enable Adaptive Scanning. You can only enable 
Adaptive Scanning when Web Reputation Filtering is enabled.

Setting: Object Scanning Limits
Description: Specify a maximum request/response size.
The Maximum Object Size value you specify applies to the entire size of 
requests and responses that might be scanned by security components on the 
Web Security appliance, such as the Cisco IronPort Data Security Filters or the 
Webroot scanning engine. When an upload or download size exceeds this size, 
the security component may abort the scan in progress and may not provide a 
scanning verdict to the Web Proxy.

Setting: Sophos
Description: Choose whether or not to enable the Sophos scanning engine.

Setting: McAfee
Description: Choose whether or not to enable the McAfee scanning engine.
When you enable the McAfee scanning engine, you can choose whether or not 
to enable heuristic scanning. 
Note: Heuristic analysis increases security protection, but can result in false 
positives and decreased performance.

Setting: Webroot
Description: Choose whether or not to enable the Webroot scanning engine.
When you enable the Webroot scanning engine, you can configure the Threat 
Risk Threshold (TRT). The TRT assigns a numerical value to the probability 
that malware exists.
Proprietary algorithms evaluate the result of a URL matching sequence and 
assign a Threat Risk Rating (TRR). This value is associated with the threat risk 
threshold setting. If the TRR value is greater than or equal to the TRT, the URL 
is considered malware and is passed on for further processing.
Note: Setting the Threat Risk Threshold to a value lower than 90 
dramatically increases the rate of URL blocking and denies legitimate 
requests. Cisco strongly recommends maintaining the TRT default 
value of 90. The minimum value for a TRT setting is 51.
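
The following Python sketch is an added example, not part of the Cisco guide or of AsyncOS. It models the TRR/TRT comparison and the Maximum Object Size behavior described above, so the effect of lowering the threshold can be seen on a sample. The function names, the sample transactions, the 32 MB limit, and the simplification that every oversize object loses its verdict (the guide says only that it may) are assumptions.

```python
"""Simplified model of the Webroot TRR/TRT decision and the object size limit."""
from collections import Counter

TRT_DEFAULT = 90   # default value stated in the guide
TRT_MINIMUM = 51   # minimum value stated in the guide

# Constructed sample: (TRR, object size in bytes). Not real traffic.
SAMPLE = [
    (95, 20_000), (91, 4_000_000), (90, 1_000), (88, 500_000), (75, 2_000),
    (60, 80_000_000), (55, 10_000), (30, 3_000), (12, 150_000_000), (5, 700),
]
LIMIT = 32 * 1024 * 1024  # assumed Maximum Object Size for this example


def validate_trt(trt):
    """Reject thresholds below the documented minimum of 51."""
    if not isinstance(trt, int) or trt < TRT_MINIMUM:
        raise ValueError(f"TRT must be an integer >= {TRT_MINIMUM}, got {trt!r}")
    return trt


def webroot_verdict(trr, object_bytes, trt=TRT_DEFAULT, max_object_bytes=None):
    """Return 'malware', 'not_malware' or 'no_verdict' for one transaction."""
    validate_trt(trt)
    if max_object_bytes is not None and object_bytes > max_object_bytes:
        # Worst case from the guide: the scan is aborted and the Web Proxy
        # receives no scanning verdict for this object.
        return "no_verdict"
    # The guide's rule: TRR >= TRT means the URL is considered malware.
    return "malware" if trr >= trt else "not_malware"


def summarize(transactions, trt=TRT_DEFAULT, max_object_bytes=None):
    """Count verdicts for a list of (trr, object_bytes) pairs."""
    return Counter(
        webroot_verdict(trr, size, trt, max_object_bytes)
        for trr, size in transactions
    )


if __name__ == "__main__":
    for trt in (90, 70, 51):
        print(trt, dict(summarize(SAMPLE, trt, LIMIT)))
```

On the constructed sample, moving the TRT from 90 to 51 doubles the number of transactions classed as malware, while the two oversize objects receive no verdict at any threshold.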