Cisco Web Security Appliance S160 User Guide

AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
 
Chapter 13: Configuring Security Services
McAfee Categories
Sophos Scanning
The Sophos scanning engine inspects objects downloaded from a web server in HTTP responses. After 
inspecting the object, it passes a malware scanning verdict to the DVS engine so the DVS engine can 
determine whether to monitor or block the request. You might want to enable the Sophos scanning engine 
instead of the McAfee scanning engine if McAfee anti-malware software is installed.
Understanding Adaptive Scanning
Adaptive Scanning decides which anti-malware scanning engine (including Advanced Malware 
Protection scanning for downloaded files) will process the web request. Adaptive Scanning applies the 
‘Outbreak Heuristics’ anti-malware category to transactions it identifies as malware prior to running any 
scanning engines. You can choose whether or not to block these transactions when you configure 
anti-malware settings on the appliance. 
Adaptive Scanning and Access Policies
When Adaptive Scanning is enabled, some anti-malware and reputation settings that you can configure 
in Access Policies are slightly different:
• You can enable or disable web reputation filtering in each Access Policy, but you cannot edit the 
  Web Reputation Scores.
• You can enable anti-malware scanning in each Access Policy, but you cannot choose which 
  anti-malware scanning engine to enable. Adaptive Scanning chooses the most appropriate engine for 
  each web request.
Note: If Adaptive Scanning is not enabled and an Access Policy has particular web reputation and anti-malware 
settings configured, and then Adaptive Scanning is enabled, any existing web reputation and 
anti-malware settings are overridden.
McAfee Verdict                           Malware Scanning Verdict Category
---------------------------------------  ---------------------------------
Known Virus                              Virus
Trojan                                   Trojan Horse
Joke File                                Adware
Test File                                Virus
Wannabe                                  Virus
Killed                                   Virus
Commercial Application                   Commercial System Monitor
Potentially Unwanted Object              Adware
Potentially Unwanted Software Package    Adware
Encrypted File                           Encrypted File