Cisco Cisco Web Security Appliance S670 User Guide
12-4
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 12 Scan Outbound Traffic for Existing Infections
Controlling Upload Requests
Step 8
Submit your changes.
Step 9
Configure Outbound Malware Scanning Policy group control settings to define how the Web Proxy
handles transactions.
handles transactions.
The new Outbound Malware Scanning Policy group automatically inherits global policy group settings
until you configure options for each control setting.
until you configure options for each control setting.
Step 10
Submit and Commit Changes.
Controlling Upload Requests
Each upload request is assigned to an Outbound Malware Scanning Policy group and inherits the control
settings of that policy group. After the Web Proxy receives the upload request headers, it has the
information necessary to decide if it should scan the request body. The DVS engine scans the request
and returns a verdict to the Web Proxy. The block page appears to the end user, if applicable.
settings of that policy group. After the Web Proxy receives the upload request headers, it has the
information necessary to decide if it should scan the request body. The DVS engine scans the request
and returns a verdict to the Web Proxy. The block page appears to the end user, if applicable.
Step 1
Choose Web Security Manager > Outbound Malware Scanning.
Step 2
In the Destinations column, click the link for the policy group you want to configure.
Subnets
Choose whether or not to define policy group membership by subnet or other
addresses.
addresses.
You can select to use the addresses that may be defined with the associated Identity,
or you can enter specific addresses here.
or you can enter specific addresses here.
Note
If the Identity associated with this policy group defines its membership by
addresses, then in this policy group you must enter addresses that are a
subset of the addresses defined in the Identity. Adding addresses in the
policy group further narrows down the list of transactions that match this
policy group.
addresses, then in this policy group you must enter addresses that are a
subset of the addresses defined in the Identity. Adding addresses in the
policy group further narrows down the list of transactions that match this
policy group.
URL Categories
Choose whether or not to define policy group membership by URL categories.
Select the user defined or predefined URL categories.
Select the user defined or predefined URL categories.
Note
If the Identity associated with this policy group defines Identity
membership by this advanced setting, the setting is not configurable at the
non-Identity policy group level.
membership by this advanced setting, the setting is not configurable at the
non-Identity policy group level.
User Agents
Choose whether to define policy group membership by the user agents (client
applications such as updaters and Web browsers) used in the client request. You can
select some commonly defined user agents, or define your own using regular
expressions. Specify whether membership definition includes only the selected user
agents, or specifically excludes the selected user agents.
applications such as updaters and Web browsers) used in the client request. You can
select some commonly defined user agents, or define your own using regular
expressions. Specify whether membership definition includes only the selected user
agents, or specifically excludes the selected user agents.
Note
If the Identification Profile associated with this policy group defines
Identification Profile membership by this advanced setting, the setting is
not configurable at the non-Identification Profile policy group level.
Identification Profile membership by this advanced setting, the setting is
not configurable at the non-Identification Profile policy group level.
User Location
Choose whether or not to define policy group membership by user location, either
remote or local.
remote or local.
Advanced Option
Description