Cisco Cisco Web Security Appliance S690 User Guide

14-10

AsyncOS 9.0 for Cisco Web Security Appliances User Guide

Chapter 14 File Reputation Filtering and File Analysis

Configuring File Reputation and Analysis Features

Configuring File Reputation and Analysis Service Action Per Access Policy

Step 1

Select Web Security Manager > Access Policies.

Step 2

Click the link in the Anti-Malware and Reputation column for a policy in the table.

Step 3

In the Advanced Malware Protection Settings section, select Enable File Reputation Filtering and
File Analysis.

If File Analysis is not enabled globally, only File Reputation Filtering is offered.

Step 4

Select an action for Known Malicious and High-Risk Files: Monitor or Block.

The default is Monitor.

Step 5

Submit and commit your changes.

Ensuring That You Receive Alerts About Advanced Malware Protection Issues

Ensure that the appliance is configured to send you alerts related to Advanced Malware Protection.

You will receive alerts when:

Appliance

Location of File Analysis Client ID

Email Security
appliance

Advanced Settings for File Analysis section
on the Security Services > File Reputation and Analysis page.

Web Security
appliance

Advanced Settings for File Analysis section
on the Security Services > Anti-Malware and Reputation page.

Security Management
appliance

At the bottom of the Management Appliance > Centralized Services >
Security Appliances page.

Alert Description

Type

Severity

Feature keys expire

(As is standard for all features)

The file reputation or file analysis service is unreachable.

Anti-Malware

Warning

Communication with cloud services is established.

Anti-Malware

Info

A file reputation verdict changes.

Anti-Malware

Info

File types that can be sent for analysis have changed. You
may want to enable upload of new file types.

Anti-Malware

Info