Cisco Cisco Web Security Appliance S380 User Guide
13-12
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 13 Configuring Security Services
Configuring Anti-Malware and Reputation in Policies
Step 7
Configure the anti-malware settings for the policy as necessary.
Note
When you enable Webroot, Sophos or McAfee scanning, you can choose to monitor or block some
additional categories in the Malware categories on this page
additional categories in the Malware categories on this page
Step 8
Submit and Commit Changes.
Related Topics
•
•
Configuring Web Reputation Scores
When you install and set up the Web Security appliance, it has default settings for Web Reputation
Scores. However, you can modify threshold settings for web reputation scoring to fit your organization’s
needs.You configure the web reputation filter settings for each policy group.
Scores. However, you can modify threshold settings for web reputation scoring to fit your organization’s
needs.You configure the web reputation filter settings for each policy group.
Setting
Description
Enable Suspect User
Agent Scanning
Agent Scanning
Choose whether or not to enable the appliance to scan traffic based on the
user-agent field specified in the HTTP request header.
user-agent field specified in the HTTP request header.
When you select this checkbox, you can choose to monitor or block suspect user
agents in the Additional Scanning section at the bottom of the page.
agents in the Additional Scanning section at the bottom of the page.
Note
Chrome browsers do not include a user-agent string in FTP-over-HTTP
requests; therefore, Chrome cannot be detected as the user agent in
those requests.
requests; therefore, Chrome cannot be detected as the user agent in
those requests.
Enable Webroot
Choose whether or not to enable the appliance to use the Webroot scanning
engine when scanning traffic.
engine when scanning traffic.
Enable Sophos or
McAfee
McAfee
Choose whether or not to enable the appliance to use either the Sophos or
McAfee scanning engine when scanning traffic.
McAfee scanning engine when scanning traffic.
Malware Categories
Choose whether to monitor or block the various malware categories based on a
malware scanning verdict. The categories listed in this section depend on which
scanning engines you enable above.
malware scanning verdict. The categories listed in this section depend on which
scanning engines you enable above.
Other Categories
Choose whether to monitor or block the types of objects and responses listed in
this section.
this section.
Note
URL transactions are categorized as unscannable when the configured
maximum time setting is reached or when the system experiences a
transient error condition. For example, transactions might be
categorized as unscannable during scanning engine updates or AsyncOS
upgrades. The malware scanning verdicts SV_TIMEOUT and
SV_ERROR, are considered unscannable transactions.
maximum time setting is reached or when the system experiences a
transient error condition. For example, transactions might be
categorized as unscannable during scanning engine updates or AsyncOS
upgrades. The malware scanning verdicts SV_TIMEOUT and
SV_ERROR, are considered unscannable transactions.